I've been using the following to correctly verify S/MIME documents with SHA1 signatures, but I recently have come upon the need to do the same with SHA256 signatures as SHA1s have been shown to be insecure.
# openssl smime -verify -noverify -inform SMIME -certfile cert.pem -in rawfile.txt -out verified.txt
Has anyone done this? I've tried adding switches:
openssl sha -sha256
As was suggested when verifying just the digest files, but it throws an error.
Ultimately I'm looking to do this via PHP with something like openssl_pkcs7_verify, but I've not gotten even the commandline to work, yet so I'm stumped.
This is on centOS, OpenSSL 1.0.1e-fips 11 Feb 2013
It turns out that openssl is able to determine its sha256 and verify without a switch, if your version of openssl supports sha256.