openssl smime_如何使用OpenSSL验证AS2消息（SMIME）签名

openssl smime

by Rajind Ruparathna

通过拉金德·鲁帕拉特纳(Rajind Ruparathna)

如何使用OpenSSL验证AS2消息(SMIME)签名 (How to verify AS2 message (SMIME) signatures with OpenSSL)

Error MDNs stating an error in the lines of “Signature verification failed” or “Decryption failed” are common for users who are just getting started with AS2 in any AS2 service. We have seen many such instances in our SaaS B2B AS2 messaging platform the AdroitLogic AS2Gateway. With these kinds of errors, sometimes, it is important for the support team and also the user to be able to try the decryption or signature verification manually to get more insight.

在任何AS2服务中刚开始使用AS2的用户中，在“签名验证失败”或“解密失败”行中指出错误的错误MDN很常见。 我们在SaaS B2B AS2消息传递平台AdroitLogic AS2Gateway中看到了许多这样的实例。 有时，由于这些类型的错误，对于支持团队以及用户来说，能够手动尝试解密或签名验证以获取更多见解非常重要。

In this blog post, we will look at what the digital signature in AS2 protocol is, how to verify the signature of an AS2 message, and some tips on figuring out the cause for certain signature verification failures.

在此博客文章中，我们将研究AS2协议中的数字签名是什么，如何验证AS2消息的签名以及有关找出某些签名验证失败原因的一些技巧。

AS2协议中的签名 (Signature in AS2 Protocol)

AS2 signature is essentially a digital signature which provides authentication, data integrity and non-repudiation to the AS2 communication.

AS2签名本质上是一种数字签名，它为AS2通信提供身份验证，数据完整性和不可否认性。

• Authentication — Ensures that the receiver is transacting with the sender that he/she was meant to transact with (and not an impostor)
  身份验证-确保接收者正在与发件人进行交易，而发件人应与其进行交易(而不是冒充者)
• Data Integrity — Determines whether the file or data the receiver got was altered along the way
  数据完整性-确定接收方收到的文件或数据是否在更改过程中被更改
• Non-Repudiation — Prevents the sender from denying that the messages they sent originated from them
  不可否认性-防止发件人否认他们发送的消息源自他们

As shown in the above figure, the sender’s private key is used when generating the signature, and thus for verification the sender’s public key is used.

如上图所示，在生成签名时使用发件人的私钥，因此，为了进行验证，使用了发件人的公钥。

让我们开始工作吧！ (Let’s Get to Work!)

For demonstration purposes, we will be using an incoming AS2 message to the AS2Gateway. Since we are only focusing on signature verification in this blog post, the incoming AS2 message will not be encrypted or compressed. If you want to try this out with encryption, please take a look at my previous article on decrypting AS2 message with OpenSSL.

出于演示目的，我们将使用传入的AS2消息到AS2Gateway。 由于我们在此博文中仅关注签名验证，因此传入的AS2消息将不会被加密或压缩。 如果您想通过加密尝试一下，请查看我以前的文章《