From:	Reif Peter	Date:	Thu Jul  3 06:52:45 2008
Subject:	AW: sign string with certificate

> On Mon, 30 Jun 2008 16:33:32 +0200, peter.reif@wien.gv.at 
> ("Reif Peter")
> wrote:
> 
> >How do I write a script in perl that signs a string with a 
> certificate
> >(e.g. a SSL server certificate) to get a pkcs7 signature. I 
> want a pkcs7
> >signature, because it contains the signing certificate and the ca.
> >
> >Thanks
> >Peter
> 
> I'm no expert at this, but can't you just take the older x509 scripts
> and replace x509 with pkcs7 ?
> 
> This shell outline works, but I don't know if it's correct use.
> ##################################################
> #!/bin/sh
> 
> #Step one - create the key and request:
> openssl req -new > new.cert.csr
> 
> #Step two - remove the passphrase from the key (optional):
> openssl rsa -in privkey.pem -out new.cert.key
> 
> #Step three - convert request into signed cert:
> openssl pkcs7 -in new.cert.csr -out new.cert.cert -req -signkey
> new.cert.key -days 3650
> ###################################################
> 
> Now you can try to get this to run in Perl thru IPC, but it may be 
> tough. You may need to run openssl thru expect.
> 
Thanks, but I don't want to create a certificate, I want to sign a
string with an certifikate. I can do this with

  openssl rsautl -sign

But then I have a signed string, but the Information about the signing
certificate ist lost. If I had a pkcs7 certificate as the result of the
signing process, the sigining certificate would be included in the
result.

Peter