From: "MartinBosslet (Martin Bosslet)" Date: 2012-06-11T01:05:29+09:00 Subject: [ruby-core:45551] [ruby-trunk - Bug #6122][Closed] OpenSSL::PKCS7 verify Issue #6122 has been updated by MartinBosslet (Martin Bosslet). Status changed from Assigned to Closed Hi Justin, The behavior you encountered is not an error. When you sign the PKCS7, the signing certificate will be included in the resulting SignedData structure. You can see that: def decrypt_verify(received, obj_cert, ca_cert) encrypted = OpenSSL::PKCS7.new(received) decrypted = encrypted.decrypt(@key, @cert) signed = OpenSSL::PKCS7.new(decrypted) cert_store = OpenSSL::X509::Store.new.add_cert(ca_cert) signed.certificates.each { |c| p c } # => the signing certificate is in there plain = signed.data if signed.verify([obj_cert], cert_store) end When the PKCS7 is verified later on, OpenSSL will at first look through the certificates you provided and then look in the SignedData itself if it can find the signing certificate there. It does, so it ignores your additional certificate. With the signing certificate included, signed.verify(nil, cert_store) will also succeed, and this is expected. If you want it to behave differently, you may either use the flags as in your second example, or you might sign the data without including the signing certificates. Regarding the time issue, you ran into the Y2K38 problem there. This shouldn't be a problem anymore with your Ruby version, and it works on my Linux machine, could be that it is a problem specific to Windows. I'll close this issue and open a separate one for the time problem as they are not related. ---------------------------------------- Bug #6122: OpenSSL::PKCS7 verify https://bugs.ruby-lang.org/issues/6122#change-27148 Author: mghomn (Justin Peal) Status: Closed Priority: High Assignee: MartinBosslet (Martin Bosslet) Category: ext Target version: 2.0.0 ruby -v: ruby 1.9.3p125 (2012-02-16) [i386-mingw32] # not_after can not later than 2038-01-19 11:14:07 # verify can pass wrong certificate require 'OpenSSL' class Rsa attr_reader :key, :cert @@sha = OpenSSL::Digest::SHA1.new @@aes = OpenSSL::Cipher.new("aes-128-ofb") def initialize serial, issuer=nil @key = OpenSSL::PKey::RSA.new(1024) @cert = OpenSSL::X509::Certificate.new @cert.version = 2 # RFC 5280 - v3 @cert.serial = serial @cert.subject = OpenSSL::X509::Name.parse "CN=#{serial}" @cert.issuer = issuer==nil ? @cert.subject : issuer @cert.public_key = @key.public_key @cert.not_before = Time.now @cert.not_after = Time.mktime(2038, 1, 19, 11, 14, 7) # second = 8 ==> Fail! @cert.sign(@key, @@sha) if issuer==nil end def sign key @cert.sign(key, @@sha) end def sign_encrypt(plain, obj_cert) signed = OpenSSL::PKCS7::sign(@cert, @key, plain) encrypted = OpenSSL::PKCS7::encrypt([obj_cert], signed.to_s, @@aes) end def decrypt_verify(received, obj_cert, ca_cert) encrypted = OpenSSL::PKCS7.new(received) decrypted = encrypted.decrypt(@key, @cert) signed = OpenSSL::PKCS7.new(decrypted) cert_store = OpenSSL::X509::Store.new.add_cert(ca_cert) plain = signed.data if signed.verify([obj_cert], cert_store) end end ca = Rsa.new(1) alice = Rsa.new(11, ca.cert.issuer) alice.sign ca.key right = Rsa.new(12, ca.cert.issuer) right.sign ca.key fa = Rsa.new(3) wrong = Rsa.new(33, fa.cert.issuer) # wrong.sign fa.key # Don't sign indeed! plain = "Something's wrong." signed_encrypted = right.sign_encrypt(plain, alice.cert) recovered = alice.decrypt_verify(signed_encrypted, wrong.cert, ca.cert) # wrong should be right puts recovered==plain ? recovered : "It's okay!" -- http://bugs.ruby-lang.org/