Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CMS routines:CMS_add1_signer:no default digest #117

Open
nl6720 opened this issue Jul 9, 2024 · 0 comments
Open

CMS routines:CMS_add1_signer:no default digest #117

nl6720 opened this issue Jul 9, 2024 · 0 comments

Comments

@nl6720
Copy link

nl6720 commented Jul 9, 2024

When using openssl cms to sign a file, it fails with 40E7DCBC0B770000:error:17000080:CMS routines:CMS_add1_signer:no default digest:crypto/cms/cms_sd.c:390:pkey nid=6 unless the -md option is specified.

  1. Create TPM-backed CMS cert & key (I used a script).
  2. Sign a file:
$ echo 1 > testdata
$ openssl cms -sign -provider tpm2 -provider default -propquery '?provider=tpm2' -binary -nocerts -noattr -outform DER -out testdata.cms.sig -in testdata -signer testcert.pem -inkey testkey.pem
40E7DCBC0B770000:error:17000080:CMS routines:CMS_add1_signer:no default digest:crypto/cms/cms_sd.c:390:pkey nid=6

This does not happen with non-TPM keys and the digest algorithm of the key is correctly used.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nl6720