Commit fd13f0ee authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files 

Make req seed the PRNG if signing with
an already existing DSA key.

Document the new smime options.
parent b364e5d2

CHANGES

+4 −0
Original line number Diff line number Diff line
@@ -4,6 +4,10 @@ 


 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]



  *) Fix so PRNG is seeded in req if using an already existing

     DSA key.

     [Steve Henson]



  *) New options to smime application. -inform and -outform

     allow alternative formats for the S/MIME message including

     PEM and DER. The -content option allows the content to be

apps/req.c

+5 −0
Original line number Diff line number Diff line
@@ -547,6 +547,11 @@ bad: 
			BIO_printf(bio_err,"unable to load Private key\n");

			goto end;

			}

                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)

			{

			char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");

			app_RAND_load_file(randfile, bio_err, 0);

                	}

		}



	if (newreq && (pkey == NULL))

apps/smime.c

+3 −0
Original line number Diff line number Diff line
@@ -277,8 +277,11 @@ int MAIN(int argc, char **argv) 
		BIO_printf (bio_err, "-signer file   signer certificate file\n");

		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");

		BIO_printf (bio_err, "-in file       input file\n");

		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");

		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");

		BIO_printf (bio_err, "-out file      output file\n");

		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");

		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");

		BIO_printf (bio_err, "-to addr       to address\n");

		BIO_printf (bio_err, "-from ad       from address\n");

		BIO_printf (bio_err, "-subject s     subject\n");

doc/apps/smime.pod

+46 −1
Original line number Diff line number Diff line
@@ -22,8 +22,11 @@ B<openssl> B<smime> 
[B<-signer file>]

[B<-recip  file>]

[B<-in file>]

[B<-inform SMIME|PEM|DER>]

[B<-inkey file>]

[B<-out file>]

[B<-outform SMIME|PEM|DER>]

[B<-content file>]

[B<-to addr>]

[B<-from ad>]

[B<-subject s>]
@@ -74,11 +77,37 @@ takes an input message and writes out a PEM encoded PKCS#7 structure. 
the input message to be encrypted or signed or the MIME message to

be decrypted or verified.



=item B<-inform SMIME|PEM|DER>



this specifies the input format for the PKCS#7 structure. The default

is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>

format change this to expect PEM and DER format PKCS#7 structures

instead. This currently only affects the input format of the PKCS#7

structure, if no PKCS#7 structure is being input (for example with

B<-encrypt> or B<-sign>) this option has no effect.



=item B<-out filename>



the message text that has been decrypted or verified or the output MIME

format message that has been signed or verified.



=item B<-outform SMIME|PEM|DER>



this specifies the output format for the PKCS#7 structure. The default

is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>

format change this to write PEM and DER format PKCS#7 structures

instead. This currently only affects the output format of the PKCS#7

structure, if no PKCS#7 structure is being output (for example with

B<-verify> or B<-decrypt>) this option has no effect.



=item B<-content filename>



This specifies a file containing the detached content, this is only

useful with the B<-verify> command. This is only usable if the PKCS#7

structure is using the detached signature form where the content is

not included. This option will override any content if the input format

is S/MIME and it uses the multipart/signed MIME content type.



=item B<-text>



this option adds plain text (text/plain) MIME headers to the supplied
@@ -204,7 +233,7 @@ a blank line. Piping the mail directly to sendmail is one way to 
achieve the correct format.



The supplied message to be signed or encrypted must include the

necessary MIME headers: or many S/MIME clients wont display it

necessary MIME headers or many S/MIME clients wont display it

properly (if at all). You can use the B<-text> option to automatically

add plain text headers.
@@ -301,6 +330,22 @@ Decrypt mail: 


 openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem



The output from Netscape form signing is a PKCS#7 structure with the

detached signature format. You can use this program to verify the

signature by line wrapping the base64 encoded structure and surrounding

it with:



 -----BEGIN PKCS7----

 -----END PKCS7----



and using the command, 



 openssl smime -verify -inform PEM -in signature.pem -content content.txt



alternatively you can base64 decode the signature and use



 openssl smime -verify -inform DER -in signature.der -content content.txt



=head1 BUGS



The MIME parser isn't very clever: it seems to handle most messages that I've thrown