Actually, I found that if I use:  openssl dgst -sha1 -verify "pubkey" -signature "signature_file" -binary "original_file"
works.

Provided that I signed with:  openssl dgst -sha1 -sign "privkey" "original file".
This is what I did with a testfile which I generated to test this
process.

I'm actually trying to verify a signature of an OCSP request.  The most
confusing part is, with a signed OCSP request, I'm not sure which portion of
the request I should consider as the "original file", and which portion from
within the OCSP request (a certain BIT STRING) represents the signature (
"signature_file") of the request .  This is the most difficult part, and I'm
looking into RFC 2560 for hints.

I've done an asn1parse on the whole OCSP request, and I'm looking into where
I make the extraction of the signature and the "original file".  In the case
of OCSP requests, the "original file" is most certainly NOT the whole binary
file!!

Does anyone have any hints for me?

Regards,

- HC

----- Original Message -----
From: "Nils Larsch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 02, 2003 6:13 PM
Subject: Re: Signature Verification problem


> Howard Chan wrote:
> ....
> > What about using the openssl commands?  ie. x509, rsautl, dgst, etc.  Can I
> > do all that I specified below strictly using those openssl commands?  If so,
> > how?
>
> 'openssl rsautl -pubin -verify ...' didn't work ?
>
> Regards,
> Nils
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
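
Added example, not part of the original thread or of OpenSSL: RFC 2560 (sections 4.1.1 and 4.1.2) computes the request signature over the DER encoding of tbsRequest and carries the signature value in the BIT STRING inside optionalSignature. The Python below splits a request accordingly; the helper names and the sample request (placeholder hashes and signature bytes, requestorName omitted) are constructed for illustration.

```python
# Added example. RFC 2560 4.1.1: OCSPRequest ::= SEQUENCE { tbsRequest, optionalSignature [0] EXPLICIT Signature }
# Signature ::= SEQUENCE { signatureAlgorithm, signature BIT STRING, certs [0] EXPLICIT OPTIONAL }

def read_tlv(buf, pos):  # parse one DER TLV at pos, return (tag, value_start, end)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, val = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[val:val + n], "big")
        val += n
    if val + length > len(buf):
        raise ValueError("truncated DER")
    return tag, val, val + length

def expect(buf, pos, want):
    tag, val, end = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return val, end

def split_ocsp_request(der):
    """Return (signed_bytes, signature); signature is None for an unsigned request."""
    val, end = expect(der, 0, 0x30)            # OCSPRequest SEQUENCE
    _, tbs_end = expect(der, val, 0x30)        # tbsRequest SEQUENCE
    tbs = der[val:tbs_end]                     # signed data: full encoding, tag and length included
    if tbs_end == end:
        return tbs, None
    val, _ = expect(der, tbs_end, 0xA0)        # [0] EXPLICIT wrapper
    val, _ = expect(der, val, 0x30)            # Signature SEQUENCE
    _, alg_end = expect(der, val, 0x30)        # signatureAlgorithm
    val, sig_end = expect(der, alg_end, 0x03)  # signature BIT STRING
    if sig_end == val or der[val] != 0:
        raise ValueError("BIT STRING must have zero unused bits")
    return tbs, der[val + 1:sig_end]           # drop the unused-bits octet

def enc(tag, body):  # minimal DER encoder, only for building the constructed sample
    ln = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + ln + body

# Constructed sample request: placeholder hashes, serial and signature bytes.
SHA1 = bytes.fromhex("300906052b0e03021a0500")              # AlgorithmIdentifier sha1
RSA_SHA1 = bytes.fromhex("300d06092a864886f70d0101050500")  # sha1WithRSAEncryption
CERT_ID = enc(0x30, SHA1 + enc(0x04, b"\x11" * 20) + enc(0x04, b"\x22" * 20) + enc(0x02, b"\x01"))
TBS = enc(0x30, enc(0x30, enc(0x30, CERT_ID)))              # tbsRequest { requestList { Request } }
SIG = b"\xab" * 128                                         # placeholder, not a real signature
SAMPLE = enc(0x30, TBS + enc(0xA0, enc(0x30, RSA_SHA1 + enc(0x03, b"\x00" + SIG))))
```

Writing the two returned values to files gives the "original_file" and "signature_file" for the openssl dgst -verify command above, using the digest named in signatureAlgorithm and the signer's public key.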
