> From: owner-openssl-us...@openssl.org On Behalf Of Lukas Haase
> Sent: Tuesday, 25 June, 2013 19:13

> I have the public and the private key for ECDSA on secp128r1 in a file
> stored in PKCS8 format (saved with Crypto++; it is PKCS8 according to
> the Docu).
>
> I can create a signature without an error but unfortunately it is not
> validated successfully with my Crypto++ app:
>
> $ cat testakt.txt | openssl dgst -ecdsa-with-SHA1 -sign test.key
> -keyform DER >act.bin
>
> On the other hand, if I want to check a signature, I cannot even open
> the (public) key file:
>
> $ cat testakt.txt | openssl dgst -sha1 -verify activation.pub
> -signature act.bin
> unable to load key file
>

What exactly is in activation.pub? If it's a public-key-only (aka public half, suitable for distribution), it can't be PKCS8; the most common format for public is X.509 SubjectPublicKeyInfo, which openssl calls PUBKEY. If that file is PUBKEY in PEM that command should work; if it is PUBKEY in DER you need -keyform der; if it's not PUBKEY at all explain what it is. If it's actually a keypair (private+public) in PKCS8 and you want to use the public half to verify, use -prverify.

> Though I am not sure I assume that openssl does not accept PKCS8.
>
> Can anyone tell me how openssl can read PKCS8 or if the problem is
> somewhere else?
>

OpenSSL can read and write clear and encrypted PKCS8 in PEM or DER, in library and commandline pkcs8 (since a long time) and the pkey* utilities (since 1.0.0). Commandline dgst can read either PEM or clear DER, but only when expecting a private key/keypair, which it is for -sign and -prverify but not -verify.
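
The key-format cases from the reply above, as an added example that is not part of the original message: a PKCS8 DER keypair used with -sign and -prverify, and a PUBKEY (SubjectPublicKeyInfo) file in PEM and DER used with -verify. It assumes prime256v1 and SHA-256 in place of the thread's secp128r1 and SHA-1, and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: which key file goes with which `openssl dgst` option.
# Assumptions: prime256v1 / SHA-256 stand in for the thread's secp128r1 / SHA-1;
# every file name below is constructed for this demo.

make_keys() {   # $1 = work dir
    # Keypair (private+public) as clear PKCS8 in DER, like the poster's test.key
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.pem" &&
    openssl pkcs8 -topk8 -nocrypt -in "$1/ec.pem" -outform DER \
        -out "$1/pair.p8.der" &&
    # Public half only, as X.509 SubjectPublicKeyInfo ("PUBKEY"), PEM and DER
    openssl pkey -in "$1/ec.pem" -pubout -out "$1/pub.pem" &&
    openssl pkey -in "$1/ec.pem" -pubout -outform DER -out "$1/pub.der"
}

sign_msg() {    # $1 = work dir; -sign expects a private key/keypair
    printf 'constructed test message\n' > "$1/msg.txt" &&
    openssl dgst -sha256 -sign "$1/pair.p8.der" -keyform DER \
        -out "$1/sig.bin" "$1/msg.txt"
}

verify_pubkey_pem() {   # -verify expects PUBKEY; PEM is the default keyform
    openssl dgst -sha256 -verify "$1/pub.pem" \
        -signature "$1/sig.bin" "$1/msg.txt" >/dev/null
}

verify_pubkey_der() {   # PUBKEY in DER needs -keyform DER
    openssl dgst -sha256 -verify "$1/pub.der" -keyform DER \
        -signature "$1/sig.bin" "$1/msg.txt" >/dev/null
}

verify_with_keypair() { # keypair file: use -prverify instead of -verify
    openssl dgst -sha256 -prverify "$1/pair.p8.der" -keyform DER \
        -signature "$1/sig.bin" "$1/msg.txt" >/dev/null
}

run_demo() {    # returns 0 only if all three verification paths succeed
    dir=$(mktemp -d) || return 1
    make_keys "$dir" && sign_msg "$dir" &&
    verify_pubkey_pem "$dir" && verify_pubkey_der "$dir" &&
    verify_with_keypair "$dir"
    rc=$?
    rm -rf "$dir"
    return $rc
}

run_demo && echo "all three verification paths succeeded"
```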