0

I have a 323kb P7B containing 100 certificate that I've created from a 340kb PEM bundle. When I attempt to sign the P7B it completes but the output is instead only a 3k P7B containing the signature and signing cert only and none of the internal P7B content.

This is the openssl command I'm using:

openssl crl2pkcs7 -nocrl -certfile "$TIMENOW/$1/$1.pem" -out "$TIMENOW/$1/$1.p7b" # Convert the PEM to P7B
openssl cms -sign -inform DER -in "$TIMENOW/$1/$1.p7b" -outform DER -out "$TIMENOW/$1/$1.signed.p7b" -signer $SIGNERCERT -inkey $SIGNERKEY

The desired outcome is a signed P7B containing the unsigned P7B, signing cert, and signature.

user3665852
  • 57
  • 1
  • 5
  • 1
    `openssl cms sign` by default creates a detached signature, that doesn't contain the data, for `-outform der|pem` (or a clearsigned message, with signature and data separated, for `-outform smime`). Look on the man page for an option to change this; hint: it contains "no" followed by "detach". But this is not about programming or development. – dave_thompson_085 Apr 21 '23 at 16:13

0 Answers0