From: Michael B. <mic...@cm...> - 2005-02-25 14:18:55
|
Johnny Gonzalez wrote: > Error 560 > General Error. Signature Object not returned, check > the openca-verify command. Cannot build PKCS#7-object > from extracted signature! > OpenCA::PKCS7 returns errorcode 7911031 > (OpenCA::PKCS7->new: Cannot initialize signature > (7912021). OpenCA::PKCS7->initSignature: Cannot parse > signature (7921021). OpenCA::PKCS7->getParsed: The > crypto-backend cannot verify the signature (7742075). > OpenCA::OpenSSL->verify: openca-sv failed. [Error]: > Digest mismatch. Signature is wrong. > [Info]: Input file intialized. > [Info]: Signaturefile initialized. > [Info]: Reading Certificate file. > [Info]: PKCS#7 object loaded. > [Info]: Data is ready for verification. > [Info]: Signature Informations (PKCS#7): > depth:1 serial:00 > subject:emailAddress=cam...@ce...,CN=camanager,OU=Internet,O=certicamara,C=CO > depth:0 serial:03 > subject:serialNumber=3,CN=radmin,OU=Internet,O=Certicamara,C=CO > [Info]: Signature is corrupt. Errorcode -1. > signature:error:-1 > ).. > > I cheked the signature by myself using the command: > > openca-sv verify -verbose -in 2080Firmada.pem -data > 2080.pem -cert ../RACert.pem -keyfile ../RAKey.pem -cf > ../cacert.pem > > And the result is: > > [Info]: Input file intialized. > [Info]: Signaturefile initialized. > [Info]: Reading Certificate file. > [Info]: PKCS#7 object loaded. > [Info]: Data is ready for verification. > [Info]: Signature Informations (PKCS#7): > depth:1 serial:00 > subject:emailAddress=ca...@ce...,CN=certicamara,OU=desarrollo,O=certicamara,C=co > depth:0 serial:2D > subject:serialNumber=45,CN=rad2,OU=Internet,O=CERTICAMARA,C=CO > signature:ok:1 Go to OpenSSL.pm and add some code to sub verify which creates a copy from the data and the signature file (`cp $sigfile /tmp/sig.pem`). After OpenCA failed you can test the verification by yourself with openca-sv. This should fail too. After this you can start checking what's wrong - the signature or the data. Michael -- _______________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 mic...@cm... D-10099 Berlin _______________________________________________________________ |