Question

I am using openssl to sign files using a security token. The command that I use is:

OpenSSL> smime -md sha256 -nodetach -binary -outform DER -sign -signer my.pem -inkey id_XXXXXXXX -keyform engine -in test.txt -out test.p7m -engine pkcs11

and it works. The application that I use to verify the signature says that the signature is good, but that the id-aa-signingCertificateV2 is missing. I tried to google, and I discovered that this attribute is mandated by the CAdES (CMS Advanced Electronic Signatures) specs.

My questions are:

  • Is this attribute supported by openssl?
  • If yes, how should I change the command?
  • If not, what can I use to do it instead of openssl?

Solution

After trying to ask on openssl-users and getting no answer, I found the answer on my own.

openssl currently lacks this feature, but it is possible to implement it. I sent a patch to openssl-dev, which implements it for smime. I hope to get feedback and have the patch merged in the future.
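
A check for the attribute the verifier reported missing, as an added example that is not part of the original question or answer: it walks a DER-encoded SignedData (the structure `smime -outform DER` writes) and lists each signer's signed-attribute OIDs. The function names and the `sample` skeleton are constructed for illustration; BER indefinite-length input is rejected rather than parsed.

```python
OID_SIGNING_CERT_V2 = "1.2.840.113549.1.9.16.2.47"  # id-aa-signingCertificateV2

def read_tlv(buf, pos):  # one definite-length DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite length (BER); re-encode as DER first")
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element -> [(tag, value), ...]
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):  # DER OID content bytes -> dotted string
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def signed_attr_oids(der):  # one set of signed-attribute OIDs per SignerInfo
    ctype, wrapped = children(read_tlv(der, 0)[1])[:2]
    if decode_oid(ctype[1]) != "1.2.840.113549.1.7.2":  # id-signedData
        raise ValueError("not a SignedData ContentInfo")
    signer_infos = children(read_tlv(wrapped[1], 0)[1])[-1][1]  # last field
    return [{decode_oid(children(attr)[0][1])
             for tag, val in children(si) if tag == 0xA0 for _, attr in children(val)}
            for _, si in children(signer_infos)]  # 0xA0 = signedAttrs [0]

def signers_missing_v2(der):  # indices of SignerInfos without signingCertificateV2
    return [i for i, s in enumerate(signed_attr_oids(der)) if OID_SIGNING_CERT_V2 not in s]

P = bytes.fromhex("2a864886f70d01")  # DER prefix of 1.2.840.113549.1
def tlv(tag, *parts):  # encoder for the sample below; short-form lengths only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(with_v2):  # constructed skeleton: empty fields, no real signature
    oids = [P + b"\x09\x03", P + b"\x09\x04"] + [P + b"\x09\x10\x02\x2f"] * with_v2
    attrs = tlv(0xA0, *[tlv(0x30, tlv(6, o), tlv(0x31)) for o in oids])
    si = tlv(0x30, tlv(2, b"\x01"), tlv(0x30), tlv(0x30), attrs, tlv(0x30), tlv(4))
    sd = tlv(0x30, tlv(2, b"\x01"), tlv(0x31), tlv(0x30, tlv(6, P + b"\x07\x01")), tlv(0x31, si))
    return tlv(0x30, tlv(6, P + b"\x07\x02"), tlv(0xA0, sd))
```

On real output, call `signers_missing_v2(open("test.p7m", "rb").read())`; an empty list means every signer carries the attribute.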

Licensed under: CC-BY-SA with attribution