How to verify a file and a p7s detached signature with openssl?
Finally, I understand a little bit about p7s files. This is pretty common for securing e-mail messages, but I can use p7s files, which contain a PKCS#7 detached signature with a certificate, to ensure the veracity of a file.
So, I separated my explanation into parts to make it easy to explain what I'm doing here. Please correct me if there's something wrong!
First, Initial Config:
- create private key and certificate
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Second, Creating a p7s File
- Run the command below to sign a pdf file with the private key and certificate, and generate a p7s file that contains a signed hash of the file and the certificate
openssl smime -sign -in test.pdf -inkey key.pem -outform DER -binary -signer cert.pem -out test.pdf.p7s
Finally, Verifying p7s File
- Now, I have to extract the pkcs7 signature from the p7s file
openssl pkcs7 -inform der -in test.pdf.p7s -out test.pdf.pkcs7
- After that, I extracted the certificate from the pkcs7 file
openssl pkcs7 -print_certs -in test.pdf.pkcs7 -out test.pdf.pkcs7.cert
- Then, verify pkcs7, certificate and file together. Just to validate if that file belongs to that certificate
openssl smime -verify -binary -inform PEM -in test.pdf.pkcs7 -content test.pdf -certfile test.pdf.pkcs7.cert -nointern -noverify > /dev/null
Celso Agra
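The final command in the answer above uses -noverify and takes the certificate from the .p7s itself, so it confirms that the file matches the signature but not who produced the signature. The script below is an added example, not part of the original post: it repeats that check and sets it beside a verification pinned with -CAfile to a certificate obtained separately. All file names, subjects and the sample content are constructed.

```shell
#!/bin/sh
# Added example; file names and certificate subjects are constructed.
# RSA-2048 and -nodes (no key passphrase) keep the run quick and non-interactive.
make_signer() {    # make_signer <prefix> <CN>: self-signed certificate and key
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.crt" \
        -days 1 -subj "/CN=$2" 2>/dev/null
}
sign_detached() {  # sign_detached <prefix> <file>: writes <file>.p7s as in the answer
    openssl smime -sign -in "$2" -inkey "$1.key" -signer "$1.crt" \
        -outform DER -binary -out "$2.p7s" 2>/dev/null
}
# The answer's check: certificate taken from the .p7s itself, chain not validated.
verify_unpinned() {
    openssl pkcs7 -inform DER -in "$1.p7s" -print_certs -out "$1.certs" &&
    openssl smime -verify -binary -inform DER -in "$1.p7s" -content "$1" \
        -certfile "$1.certs" -nointern -noverify >/dev/null 2>&1
}
# Pinned check: the signer must validate against a certificate obtained separately.
verify_pinned() {  # verify_pinned <file> <trusted.crt>
    openssl smime -verify -binary -inform DER -in "$1.p7s" -content "$1" \
        -CAfile "$2" >/dev/null 2>&1
}
run_checks() {     # returns 0 only if every check behaves as described
    printf 'constructed sample content\n' > doc.bin
    make_signer trusted "Expected Signer" || return 2
    make_signer other "Someone Else" || return 2
    sign_detached other doc.bin                    # signer we never trusted
    verify_unpinned doc.bin || return 3            # accepted: file matches signature
    verify_pinned doc.bin trusted.crt && return 4  # rejected: signer is not pinned
    sign_detached trusted doc.bin
    verify_pinned doc.bin trusted.crt || return 5  # accepted: expected signer
    printf 'x' >> doc.bin                          # modify the signed file
    verify_pinned doc.bin trusted.crt && return 6  # rejected: digest mismatch
    return 0
}
demo() {           # runs the checks in a temporary directory and cleans up
    d=$(mktemp -d) || return 2
    ( cd "$d" && run_checks ) && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo && echo "unpinned check accepted an untrusted signer; pinned check rejected it"
```

For a certificate issued by a CA rather than a self-signed one, -CAfile would point at the CA certificate instead of the signer's own.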
Updated on June 05, 2022
Comments
Celso Agra almost 2 years
Would it be possible to validate a file with a p7s detached signature? I'm trying to do that using OpenSSL, but I got a default message about openssl and
unknown option -verify
here is my command:
openssl pkcs7 -inform DER -verify -noverify -in file.docx.p7s -out file.docx
Is it possible to do a file verification and p7s signature using openssl?
-- edit...
Just to let you know, I got a p7s file with a pdf file. I'd like to know how to validate that.