crypto: verify external pkcs7 signature

[Thomas Guettler]

Hi,

some black box system gives me secKey.pkcs7 signature and
a data file. The signature should be correct, but it fails.


On newer system I get this: M2Crypto.SMIME.PKCS7_Error: digest failure

on older systems (openssl-0.9.8h-28.10.1) I get PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:312

On a system with openssl-0.9.8e-45.13 the script creates a core dump.

Any hints?

{{{
def verify(file):
    s = SMIME.SMIME()
    cert_file='CN=NW4.cert'
    x509=X509.load_cert(cert_file)
    sk=X509.X509_Stack()
    sk.push(x509)
    s.set_x509_stack(sk)

    # Load the signer's CA cert. In this case, because the signer's
    # cert is self-signed, it is the signer's cert itself.

    st = X509.X509_Store()
    st.load_info(cert_file)  # CA Cert
    s.set_x509_store(st)
    from M2Crypto.BIO import File

    # Load the data, verify it.
    p7=SMIME.load_pkcs7('secKey.pkcs7')
    try:
        print s.verify(p7, File(open(file)))
    except (M2Crypto.SMIME.PKCS7_Error, M2Crypto.SMIME.SMIME_Error), exc:
        print '%s failed: %s' % (file, str(exc).strip())
        return False
    return True
}}}


-- 
Thomas Guettler, http://www.thomas-guettler.de/
E-Mail: guettli (*) thomas-guettler + de