• 
• Home
• About the IETF
• Mission
• Standards Process
• Note Well
• NomCom
• Blog
• Info for Newcomers
• Internet-Drafts
• Datatracker
• Search
• Submit
• RFC Pages
• Search RFC Ed Index
• RFC Editor Queue
• IANA Pages
• Protocol Parameters
• Working Groups
• WG Charters
• Email Lists
• WG Chairs' Page
• Resources
• Community Tools
• Tools Team Pages
• Edu Team Pages
• Tutorials
• Wikis
• Meetings
• Upcoming Meetings
• Past Meetings
• Interim Meetings
• Important Dates
• Proceedings
• Mailing Lists
• Announcement Lists
• Discussion Lists
• Non-WG Lists
• IESG
• Announcements
• Statements
• Members
• Minutes
• IPR
• IPR Policy
• File a Disclosure
• Disclosure Search
• Liaisons
• Liaison Statements
• Liaison Managers
• Contact
• IETF Secretariat^®
• Media
• Subpoenas
• Report Web Site Errors
• Customize View
  
• Brief
• Normal
• Extended
• Advanced
• (Requires Javascript)

Internet Draft Signatures

OpenSSL can be used to validate the digital signatures on signed Internet-Drafts. Once you have installed OpenSSL, the Comodo root certificate is needed. It can be downloaded from this page, or you can extract it from your own trusted root store and convert it to the needed PEM format using the following command:

openssl x509 -in comodo.cer -inform DER -out comodo.pem

The digital signature is stored in a file with the same name as the Internet-Draft followed by a .p7s file extension. For example:

Internet-Draft: draft-ietf-example-widgets-03.txt
Signature File: draft-ietf-example-widgets-03.txt.p7s

Internet-Draft: draft-ietf-example-widgets-03.ps
Signature File: draft-ietf-example-widgets-03.ps.p7s

Internet-Draft: draft-housley-internet-draft-sig-file-00.txt
Signature File: draft-housley-internet-draft-sig-file-00.txt.p7s

Once you have the comodo.pem file, the Internet-Draft, and the companion signature file, the following OpenSSL command can be used to validate the digital signature:

openssl cms -verify -CAfile comodo.pem -content <id-file-name> -inform DER \

     -in <sig-file-name> -out /dev/null

You can download a copy of the Comodo root certificate from here.

You can download a copy of the Comodo root certificate in PEM format from here.

 

NOTE WELL: The IETF, AMS (the IETF Secretariat), and other related bodies can not provide technical support to end users with respect to the use of OpenSSL, the validation of digital signatures, or any other type of desktop support.  The presence of draft signatures and public certificates on this website does not imply any type of support service availability. Users needing assistance in configuring or using OpenSSL, or solving computer problems of any kind should contact their own IT personnel, the many reference materials for OpenSSL and/or other encryption tools available elsewhere, or a professional paid computer support service.

Home - Tools Team - Datatracker - Web Site Usage Stats - IASA - IAB - RFC Editor - IANA - IRTF - IETF Trust - ISOC - IETF Journal - Store - Contact Us
Secretariat services provided by Association Management Solutions, LLC (AMS).
Please send problem reports to: ietf-action@ietf.org.