How to verify a file and a p7s detached signature with openssl?


Finally, I understand a little bit about p7s files. This is pretty common for securing e-mail messages, but I can also use p7s files, which contain a PKCS#7 detached signature with a certificate, to ensure the veracity of a file.

So, I separated my explanation into parts to make it easy to explain what I'm doing here. Please correct me if there's something wrong!

First, Initial Config:

  1. Create a private key and certificate

     openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Second, Creating a p7s File

  1. Run the command below to sign a PDF file with the private key and certificate, and generate a p7s file that contains a signed hash of the file and the certificate

     openssl smime -sign -in test.pdf -inkey key.pem -outform DER -binary -signer cert.pem -out test.pdf.p7s

Finally, Verifying the p7s File

  1. Now, I have to extract the pkcs7 signature from the p7s file

     openssl pkcs7 -inform der -in test.pdf.p7s -out test.pdf.pkcs7

  2. After that, I extracted the certificate from the pkcs7 file

     openssl pkcs7 -print_certs -in test.pdf.pkcs7 -out test.pdf.pkcs7.cert

  3. Then, verify the pkcs7, certificate and file together. Just to validate if that file belongs to that certificate

     openssl smime -verify -binary -inform PEM -in test.pdf.pkcs7 -content test.pdf -certfile test.pdf.pkcs7.cert -nointern -noverify > /dev/null
Author: Celso Agra

Updated on June 05, 2022
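
An added example, not part of the original answer: the last step above takes the certificate from the .p7s itself and passes -noverify, so it confirms that the file matches the signature but not who signed it. The script below verifies against a certificate you already trust (-CAfile) and runs both checks on a tampered file and on a signature from a different signer; the file names, subject names and unencrypted throwaway keys are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Names and contents are constructed.

# make_fixture DIR CN: throwaway key (unencrypted, demo only), self-signed
# certificate, sample file and detached DER signature inside DIR.
make_fixture() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    printf 'constructed sample content\n' > "$1/test.pdf"
    openssl smime -sign -binary -in "$1/test.pdf" -inkey "$1/key.pem" \
        -signer "$1/cert.pem" -outform DER -out "$1/test.pdf.p7s" 2>/dev/null
}

# verify_pinned FILE P7S TRUSTED_CERT: the signature must match FILE and the
# signer certificate must chain to TRUSTED_CERT (no -noverify).
verify_pinned() {
    openssl smime -verify -binary -inform DER -in "$2" -content "$1" \
        -CAfile "$3" -out /dev/null 2>/dev/null
}

# verify_integrity_only FILE P7S: checks FILE against the certificate embedded
# in the .p7s and skips certificate validation, as in the post's last step,
# where the certificate comes from the .p7s itself.
verify_integrity_only() {
    openssl smime -verify -binary -inform DER -in "$2" -content "$1" \
        -noverify -out /dev/null 2>/dev/null
}

# report LABEL CMD...: run CMD and print whether the signature was accepted.
report() {
    local label=$1; shift
    if "$@"; then echo "$label: accepted"; else echo "$label: rejected"; fi
}

d=$(mktemp -d) && mkdir "$d/good" "$d/other"
make_fixture "$d/good" "demo signer" && make_fixture "$d/other" "someone else"
cp "$d/good/test.pdf" "$d/tampered.pdf" && echo x >> "$d/tampered.pdf"
g="$d/good"
report "pinned cert, genuine file"  verify_pinned "$g/test.pdf" "$g/test.pdf.p7s" "$g/cert.pem"
report "pinned cert, tampered file" verify_pinned "$d/tampered.pdf" "$g/test.pdf.p7s" "$g/cert.pem"
report "pinned cert, other signer"  verify_pinned "$g/test.pdf" "$d/other/test.pdf.p7s" "$g/cert.pem"
report "-noverify, other signer"    verify_integrity_only "$g/test.pdf" "$d/other/test.pdf.p7s"
rm -rf "$d"
```

Only the last case differs between the two checks: with -noverify a signature made by any key is accepted as long as the content matches, so the certificate to trust has to come from somewhere other than the .p7s.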

Comments

  • Celso Agra almost 2 years

    Would it be possible to validate a file with a p7s detached signature? I'm trying to do that using OpenSSL, but I got a default message about openssl and unknown option -verify

    here is my command:

    openssl pkcs7 -inform DER -verify -noverify -in file.docx.p7s -out file.docx

    Is it possible to do a file verification and p7s signature using openssl?

    -- edit...

    Just to let you know, I got a p7s file with a PDF file. I'd like to know how to validate that.