Commit | Line | Data |
---|---|---|
e3261593 | 1 | .\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19) |
8b0cefbb JR |
2 | .\" |
3 | .\" Standard preamble: | |
4 | .\" ======================================================================== | |
8b0cefbb | 5 | .de Sp \" Vertical space (when we can't use .PP) |
984263bc MD |
6 | .if t .sp .5v |
7 | .if n .sp | |
8 | .. | |
8b0cefbb | 9 | .de Vb \" Begin verbatim text |
984263bc MD |
10 | .ft CW |
11 | .nf | |
12 | .ne \\$1 | |
13 | .. | |
8b0cefbb | 14 | .de Ve \" End verbatim text |
984263bc | 15 | .ft R |
984263bc MD |
16 | .fi |
17 | .. | |
8b0cefbb JR |
18 | .\" Set up some character translations and predefined strings. \*(-- will |
19 | .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | |
e257b235 PA |
20 | .\" double quote, and \*(R" will give a right double quote. \*(C+ will |
21 | .\" give a nicer C++. Capital omega is used to do unbreakable dashes and | |
22 | .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, | |
23 | .\" nothing in troff, for use with C<>. | |
24 | .tr \(*W- | |
8b0cefbb | 25 | .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' |
984263bc | 26 | .ie n \{\ |
8b0cefbb JR |
27 | . ds -- \(*W- |
28 | . ds PI pi | |
29 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | |
30 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch | |
31 | . ds L" "" | |
32 | . ds R" "" | |
33 | . ds C` "" | |
34 | . ds C' "" | |
984263bc MD |
35 | 'br\} |
36 | .el\{\ | |
8b0cefbb JR |
37 | . ds -- \|\(em\| |
38 | . ds PI \(*p | |
39 | . ds L" `` | |
40 | . ds R" '' | |
984263bc | 41 | 'br\} |
8b0cefbb | 42 | .\" |
e257b235 PA |
43 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
44 | .ie \n(.g .ds Aq \(aq | |
45 | .el .ds Aq ' | |
46 | .\" | |
8b0cefbb | 47 | .\" If the F register is turned on, we'll generate index entries on stderr for |
01185282 | 48 | .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
8b0cefbb JR |
49 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
50 | .\" output yourself in some meaningful fashion. | |
e257b235 | 51 | .ie \nF \{\ |
8b0cefbb JR |
52 | . de IX |
53 | . tm Index:\\$1\t\\n%\t"\\$2" | |
984263bc | 54 | .. |
8b0cefbb JR |
55 | . nr % 0 |
56 | . rr F | |
984263bc | 57 | .\} |
e257b235 PA |
58 | .el \{\ |
59 | . de IX | |
60 | .. | |
61 | .\} | |
aac4ff6f | 62 | .\" |
8b0cefbb JR |
63 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
64 | .\" Fear. Run. Save yourself. No user-serviceable parts. | |
65 | . \" fudge factors for nroff and troff | |
984263bc | 66 | .if n \{\ |
8b0cefbb JR |
67 | . ds #H 0 |
68 | . ds #V .8m | |
69 | . ds #F .3m | |
70 | . ds #[ \f1 | |
71 | . ds #] \fP | |
984263bc MD |
72 | .\} |
73 | .if t \{\ | |
8b0cefbb JR |
74 | . ds #H ((1u-(\\\\n(.fu%2u))*.13m) |
75 | . ds #V .6m | |
76 | . ds #F 0 | |
77 | . ds #[ \& | |
78 | . ds #] \& | |
984263bc | 79 | .\} |
8b0cefbb | 80 | . \" simple accents for nroff and troff |
984263bc | 81 | .if n \{\ |
8b0cefbb JR |
82 | . ds ' \& |
83 | . ds ` \& | |
84 | . ds ^ \& | |
85 | . ds , \& | |
86 | . ds ~ ~ | |
87 | . ds / | |
984263bc MD |
88 | .\} |
89 | .if t \{\ | |
8b0cefbb JR |
90 | . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" |
91 | . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | |
92 | . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | |
93 | . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | |
94 | . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | |
95 | . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | |
984263bc | 96 | .\} |
8b0cefbb | 97 | . \" troff and (daisy-wheel) nroff accents |
984263bc MD |
98 | .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' |
99 | .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | |
100 | .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | |
101 | .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | |
102 | .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | |
103 | .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | |
104 | .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | |
105 | .ds ae a\h'-(\w'a'u*4/10)'e | |
106 | .ds Ae A\h'-(\w'A'u*4/10)'E | |
8b0cefbb | 107 | . \" corrections for vroff |
984263bc MD |
108 | .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' |
109 | .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | |
8b0cefbb | 110 | . \" for low resolution devices (crt and lpr) |
984263bc MD |
111 | .if \n(.H>23 .if \n(.V>19 \ |
112 | \{\ | |
8b0cefbb JR |
113 | . ds : e |
114 | . ds 8 ss | |
115 | . ds o a | |
116 | . ds d- d\h'-1'\(ga | |
117 | . ds D- D\h'-1'\(hy | |
118 | . ds th \o'bp' | |
119 | . ds Th \o'LP' | |
120 | . ds ae ae | |
121 | . ds Ae AE | |
984263bc MD |
122 | .\} |
123 | .rm #[ #] #H #V #F C | |
8b0cefbb JR |
124 | .\" ======================================================================== |
125 | .\" | |
126 | .IX Title "PKCS7_verify 3" | |
e3261593 | 127 | .TH PKCS7_verify 3 "2012-01-04" "1.0.0f" "OpenSSL" |
e257b235 PA |
128 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
129 | .\" way too many mistakes in technical documents. | |
130 | .if n .ad l | |
131 | .nh | |
984263bc MD |
132 | .SH "NAME" |
133 | PKCS7_verify \- verify a PKCS#7 signedData structure | |
134 | .SH "SYNOPSIS" | |
8b0cefbb | 135 | .IX Header "SYNOPSIS" |
01185282 PA |
136 | .Vb 1 |
137 | \& #include <openssl/pkcs7.h> | |
138 | \& | |
139 | \& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); | |
140 | \& | |
141 | \& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); | |
142 | .Ve | |
984263bc | 143 | .SH "DESCRIPTION" |
8b0cefbb JR |
144 | .IX Header "DESCRIPTION" |
145 | \&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 | |
984263bc MD |
146 | structure to verify. \fBcerts\fR is a set of certificates in which to search for |
147 | the signer's certificate. \fBstore\fR is a trusted certficate store (used for | |
148 | chain verification). \fBindata\fR is the signed data if the content is not | |
149 | present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR | |
8b0cefbb | 150 | if it is not \s-1NULL\s0. |
984263bc | 151 | .PP |
8b0cefbb | 152 | \&\fBflags\fR is an optional set of flags, which can be used to modify the verify |
984263bc MD |
153 | operation. |
154 | .PP | |
8b0cefbb JR |
155 | \&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does |
156 | \&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR | |
984263bc MD |
157 | and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. |
158 | .SH "VERIFY PROCESS" | |
8b0cefbb | 159 | .IX Header "VERIFY PROCESS" |
984263bc MD |
160 | Normally the verify process proceeds as follows. |
161 | .PP | |
162 | Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must | |
163 | be signedData. There must be at least one signature on the data and if | |
8b0cefbb | 164 | the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. |
984263bc MD |
165 | .PP |
166 | An attempt is made to locate all the signer's certificates, first looking in | |
8b0cefbb | 167 | the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates |
984263bc MD |
168 | contained in the \fBp7\fR structure itself. If any signer's certificates cannot be |
169 | located the operation fails. | |
170 | .PP | |
171 | Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and | |
172 | the supplied trusted certificate store. Any internal certificates in the message | |
173 | are used as untrusted CAs. If any chain verify fails an error code is returned. | |
174 | .PP | |
8b0cefbb | 175 | Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and |
984263bc MD |
176 | the signature's checked. |
177 | .PP | |
178 | If all signature's verify correctly then the function is successful. | |
179 | .PP | |
180 | Any of the following flags (ored together) can be passed in the \fBflags\fR parameter | |
8b0cefbb | 181 | to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is |
984263bc MD |
182 | meaningful to \fIPKCS7_get0_signers()\fR. |
183 | .PP | |
8b0cefbb | 184 | If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not |
984263bc MD |
185 | searched when locating the signer's certificate. This means that all the signers |
186 | certificates must be in the \fBcerts\fR parameter. | |
187 | .PP | |
8b0cefbb | 188 | If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted |
984263bc MD |
189 | from the content. If the content is not of type \fBtext/plain\fR then an error is |
190 | returned. | |
191 | .PP | |
8b0cefbb | 192 | If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. |
984263bc | 193 | .PP |
8b0cefbb | 194 | If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are |
984263bc MD |
195 | not used as untrusted CAs. This means that the whole verify chain (apart from |
196 | the signer's certificate) must be contained in the trusted store. | |
197 | .PP | |
8b0cefbb | 198 | If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. |
984263bc | 199 | .SH "NOTES" |
8b0cefbb JR |
200 | .IX Header "NOTES" |
201 | One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by | |
984263bc MD |
202 | a small number of certificates. The acceptable certificates would be passed |
203 | in the \fBcerts\fR parameter. In this case if the signer is not one of the | |
204 | certificates supplied in \fBcerts\fR then the verify will fail because the | |
205 | signer cannot be found. | |
206 | .PP | |
207 | Care should be taken when modifying the default verify behaviour, for example | |
208 | setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification | |
209 | and any signed message will be considered valid. This combination is however | |
210 | useful if one merely wishes to write the content to \fBout\fR and its validity | |
211 | is not considered important. | |
212 | .PP | |
213 | Chain verification should arguably be performed using the signing time rather | |
214 | than the current time. However since the signing time is supplied by the | |
215 | signer it cannot be trusted without additional evidence (such as a trusted | |
216 | timestamp). | |
217 | .SH "RETURN VALUES" | |
8b0cefbb JR |
218 | .IX Header "RETURN VALUES" |
219 | \&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative | |
984263bc MD |
220 | value if an error occurs. |
221 | .PP | |
8b0cefbb | 222 | \&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. |
984263bc | 223 | .PP |
8b0cefbb | 224 | The error can be obtained from \fIERR_get_error\fR\|(3) |
984263bc | 225 | .SH "BUGS" |
8b0cefbb | 226 | .IX Header "BUGS" |
984263bc MD |
227 | The trusted certificate store is not searched for the signers certificate, |
228 | this is primarily due to the inadequacies of the current \fBX509_STORE\fR | |
229 | functionality. | |
230 | .PP | |
231 | The lack of single pass processing and need to hold all data in memory as | |
232 | mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. | |
233 | .SH "SEE ALSO" | |
74dab6c2 | 234 | .IX Header "SEE ALSO" |
8b0cefbb JR |
235 | \&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3) |
236 | .SH "HISTORY" | |
984263bc | 237 | .IX Header "HISTORY" |
8b0cefbb | 238 | \&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5 |