如何使用openssl验证文件和p7s分离签名? [英] How to verify a file and a p7s detached signature with openssl?
问题描述
是否可以验证带有 p7s 分离签名的文件?我正在尝试使用 Openssl 来做到这一点,但我收到了关于 openssl 和 unknown option -verify
Would be possible to validate a file with p7s detached signature? I'm trying to do that using Openssl, but I got a default message about openssl and unknown option -verify
这是我的命令:
openssl pkcs7 -inform DER -verify -noverify -in file.docx.p7s -out file.docx
是否可以使用 openssl 进行文件验证和 p7s 签名?
is this possible to do a file verification and p7s signature using openssl?
-- 编辑...
只是为了让你知道.我得到了一个带有 pdf 文件的 p7s 文件.我想知道如何验证这一点.
Just to let you know. I got an p7s file with an pdf file. I'd like to know how to validate that.
推荐答案
最后,我对 p7s 文件有了一点了解.这对于保护电子邮件消息很常见,但是,我可以使用 p7s 文件,其中包含带有证书的 PKCS#7 分离签名,以确保文件的真实性.
Finally, I understand a litte bit about p7s file. This is pretty common to securing e-mail messages, but, I can use p7s files, that contains an PKCS#7 detached signatures with an certificate, to ensure the veracity of a file.
所以,我将我的解释分成几部分,以便于解释我在这里所做的事情.如有不对,请指正!
So, I sepparate my explanation, in parts to get easy to explain what I'm doing here. Please, correct me if there's something wrong!
首先,初始配置:
- 创建私钥和证书
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
- 添加到受信任的证书,让 openssl 允许您的证书有效
sudo cp cert.pem /usr/local/share/ca-certificates/
sudo update-ca-certificates
二、创建p7s文件
- 运行下面的命令来签署一个pdf文件,使用私钥、证书并生成一个p7s文件,其中包含文件和证书的签名哈希
openssl smime -sign -in test.pdf -inkey key.pem -outform DER -binary -signer cert.pem -out test.pdf.p7s
最后,验证 p7s 文件
- 现在,我必须从 p7s 文件中提取 pkcs7 签名
openssl pkcs7 -inform der -in test.pdf.p7s -out test.pdf.pkcs7
- 之后,我从 pkcs7 文件中提取了证书
openssl pkcs7 -print_certs -in test.pdf.pkcs7 -out test.pdf.pkcs7.cert
- 然后,一起验证pkcs7、证书和文件.只是为了验证该文件是否属于该证书
openssl smime -verify -binary -inform PEM -in test.pdf.pkcs7 -content test.pdf -certfile test.pdf.pkcs7.cert -nointern -noverify > /dev/null
PS.:要删除此证书,只需运行以下命令.这将删除和更新证书
PS.: To remove this certificate, just run the commands below. This will remove and update the certificates
sudo rm -f /usr/local/share/ca-certificates/cert.pem
sudo update-ca-certificates --fresh
这篇关于如何使用openssl验证文件和p7s分离签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!