8

Would it be possible to validate a file with a p7s detached signature? I'm trying to do that using OpenSSL, but I got the default message about openssl and unknown option -verify.

Here is my command:

openssl pkcs7 -inform DER -verify -noverify -in file.docx.p7s -out file.docx

Is it possible to do a file verification and p7s signature using openssl?

-- edit...

Just to let you know: I got a p7s file with a PDF file. I'd like to know how to validate that.

Celso Agra

1 Answer

23

Finally, I understand a little bit about p7s files. They are pretty common for securing e-mail messages, but I can use p7s files, which contain a PKCS#7 detached signature with a certificate, to ensure the veracity of a file.

So, I separated my explanation into parts to make it easy to explain what I'm doing here. Please correct me if there's something wrong!

First, Initial Config:

  1. Create a private key and certificate
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Second, Creating a p7s File

  1. Run the command below to sign a PDF file with the private key and certificate, and generate a p7s file that contains a signed hash of the file and the certificate
openssl smime -sign -in test.pdf -inkey key.pem -outform DER -binary -signer cert.pem -out test.pdf.p7s

Finally, Verifying the p7s File

  1. Now, I have to extract the PKCS#7 signature from the p7s file
openssl pkcs7 -inform der -in test.pdf.p7s -out test.pdf.pkcs7
  2. After that, I extracted the certificate from the pkcs7 file
openssl pkcs7 -print_certs -in test.pdf.pkcs7 -out test.pdf.pkcs7.cert
  3. Then, verify the pkcs7, certificate and file together, just to validate that the file belongs to that certificate
openssl smime -verify -binary -inform PEM -in test.pdf.pkcs7 -content test.pdf -certfile test.pdf.pkcs7.cert -nointern -noverify > /dev/null
Coiby
Celso Agra
  • That's exactly what I was looking for. Thank you for your contribution. – Guilherme de Jesus Santos Sep 18 '20 at 12:56
  • 2
    The first command converts the signature file from pem into der encoding. It can be skipped by changing the 2nd command to `openssl pkcs7 -print_certs -inform der -in test.pdf.p7s -out test.pdf.pkcs7.cert` and the 3rd command to `openssl smime -verify -binary -inform der -in test.pdf.p7s -content test.pdf -certfile test.pdf.pkcs7.cert -nointern -noverify > /dev/null `. – bollin Jan 23 '22 at 09:48
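
An end-to-end run of the steps in the answer, written here as an added example and not part of the original answer or comments: it signs a constructed file, then compares signature-only verification (`-noverify`, as in the answer) with verification against a certificate you already hold and trust (`-CAfile`). All file names, subjects and contents are constructed, and it verifies straight from the DER `.p7s` as the last comment suggests.

```shell
#!/usr/bin/env bash
# Added example: detached PKCS#7 (.p7s) verification with and without a trust anchor.
# All file names, subjects and contents below are constructed for the demo.
set -u
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# Non-interactive variant of the answer's key/certificate step (-nodes, -subj).
make_signer() {  # $1 = name prefix, $2 = subject CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Detached DER signature, same options as the answer's signing step.
sign_detached() {  # $1 = signer prefix, $2 = file to sign
  openssl smime -sign -binary -in "$2" -inkey "$work/$1.key" \
    -signer "$work/$1.crt" -outform DER -out "$2.p7s" 2>/dev/null
}

# Signature check only: -noverify skips validation of the signer's certificate.
verify_signature_only() {  # $1 = file; expects $1.p7s beside it
  openssl smime -verify -binary -inform DER -in "$1.p7s" -content "$1" \
    -noverify -out /dev/null 2>/dev/null
}

# Signature check plus chain validation against a certificate we already trust.
verify_trusted() {  # $1 = file, $2 = trusted certificate (PEM)
  openssl smime -verify -binary -inform DER -in "$1.p7s" -content "$1" \
    -CAfile "$2" -out /dev/null 2>/dev/null
}

make_signer alice "demo-signer"
make_signer other "unrelated-signer"
printf 'constructed sample document\n' > "$work/doc.txt"
printf 'different content\n' > "$work/doc2.txt"
sign_detached alice "$work/doc.txt"
sign_detached other "$work/doc2.txt"
# Modified content paired with the signature made over the original file.
cp "$work/doc.txt.p7s" "$work/tampered.txt.p7s"
printf 'constructed sample document (modified)\n' > "$work/tampered.txt"

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
report verify_signature_only "$work/doc.txt"
report verify_trusted "$work/doc.txt" "$work/alice.crt"
report verify_signature_only "$work/tampered.txt"            # FAIL: digest mismatch
report verify_signature_only "$work/doc2.txt"                # PASS: any embedded cert is accepted
report verify_trusted "$work/doc2.txt" "$work/alice.crt"     # FAIL: signer is not the trusted one
```

With `-noverify`, a signature made by any key whose certificate is embedded in the `.p7s` passes, so that check only shows the file matches the signature; the `-CAfile` check is what ties the file to a signer you trust.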