Here is how to reproduce:

// Version (on a Mac)
$ openssl version
OpenSSL 0.9.8r 8 Feb 2011
// Create the public key
$ echo "-----BEGIN PUBLIC KEY-----
MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGLgfmIN4O+aqfPGN1BkWW1hzCdj
XqozEKyFnOTWCyp+H301nILC6JFV1WAEQnCZE/B8VTArlSYnOySU+MjU11jRSYTz
nHokHLhCVkH/o/4ZqL1s0rtoJ62f6Loc3mZHRX7l2PJGTXNQJGTNRTh1kdJthA3S
LMwa4ReOEyjIG7e7AgMBAAE=
-----END PUBLIC KEY-----" > test.pub

// Create a file whose signature will be verified
$ echo -n "1327943790" > test_err.txt

// Create a file with the signature
$ echo "SEjTquEPcqY0V90KYvDi7ofGiKlc53T4XzHwHtIgcN5wuOg4JxffK
trLN9Tq+8c/045m15JXULJUMkN7fdDUqtxFyIBSEt4nqhvZgLDVQBIBXJRF8
c32CBaLsG837hZra8/nD5b4T+sCyEXRUMmcfflhJiMIr7l72sOxgRmzTw==" > test_err.sig.64
$ base64 -D -i test_err.sig.64 -o test_err.sig

// If you check it:
$ openssl dgst -sha1 -verify test.pub -signature test_err.sig test_err.txt
Verification Failure
// It should say OK

// If we do it manually we can see that the signature is ok:
// Create a SHA-1 digest
$ openssl dgst -sha1 -binary -out test_err.sha1 test_err.txt

// Now we do the verification:
$ openssl rsautl -verify -inkey test.pub -pkcs -pubin -in test_err.sig -out test_err.sha1.calc
$ hexdump test_err.sha1
0000000 d8 44 89 0c 34 cb 0d 64 23 28 56 56 85 25 c8 46
0000010 f4 e8 f8 3d
0000014
$ hexdump test_err.sha1.calc
0000000 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 d8
0000010 44 89 0c 34 cb 0d 64 23 28 56 56 85 25 c8 46 f4
0000020 e8 f8 3d
0000023
// You can see that the last bytes (the dgst) are the same.

// Note: as given above, the base64 signature text is 172 characters ending in "==",
// which decodes to 127 bytes, one byte shorter than the 128-byte modulus in test.pub
// (test_ok.sig below decodes to 128 bytes); `wc -c test_err.sig test_ok.sig` shows this.
// `dgst -verify` rejects a signature whose length differs from the modulus length, while
// `rsautl -verify` accepts the shorter input, so the likely cause is a signer that dropped
// a leading zero byte; the signer should left-pad the signature to the modulus length.

// With this other set of data and the same public key, it works OK (I attach it to show that the digests are generated the same way).
// Generate another data file
$ echo -n "1327943823" > test_ok.txt

// Generate the signature file
$ echo "GURbsl4CFPCG83RCZxsEpoRleXicXQhH1OC4Fk77b7EMj2g8aHUhD/L+sm
oGSVpuEwup1fmkZBADXwBel8UKsmxgTLRX+vlGgyTr1XPqqHFNjtL33fd5
7NuKBqaJjwSp7D5xVMeVdQtQQbsKuKx5AvOPPyZfdtdyoJw/all1tl4=" > test_ok.sig.64
$ base64 -D -i test_ok.sig.64 -o test_ok.sig

// Normal verification
$ openssl dgst -sha1 -verify test.pub -signature test_ok.sig test_ok.txt
Verified OK
// With this set it works ok

// Digest creation
$ openssl dgst -sha1 -binary -out test_ok.sha1 test_ok.txt

// Digest verification
$ openssl rsautl -verify -inkey test.pub -pkcs -pubin -in test_ok.sig -out test_ok.sha1.calc
$ hexdump test_ok.sha1
0000000 08 a8 55 9c d4 43 f9 cb ec 9f 04 f4 f2 dc aa 1f
0000010 7f e9 e1 11
0000014
$ hexdump test_ok.sha1.calc
0000000 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 08
0000010 a8 55 9c d4 43 f9 cb ec 9f 04 f4 f2 dc aa 1f 7f
0000020 e9 e1 11
0000023
// You can see that the last bytes are the same, and the header is the same as in the non-working data.
