Heh,
Figures… My first post is adequately explained… in the man pages of 'rsautl':
The signature can be analysed with:
    openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
The surprise (to me) was that *an ASN1 structure* was what was encoded, not just the raw digest info. Hadn't run across the DigestInfo structure before in my travels. Now I know.
Hope this helps the next n00b! :-)
rnd
-----Original Message-----
From: Diffenderfer, Randy
Sent: Thursday, March 16, 2006 11:29 AM
To: 'openssl-users@openssl.org'
Subject: Using OpenSSL Command Line Apps To Generate Signed Digests
Folks,
I am trying to work out a string of command line things that can deal with signatures and any/all intermediate objects.
Using the 'dgst' app, I can generate a digest and a signed digest in either hex or binary with no problem. Given a canonical text file, I can reproduce the digest that I abstract from the PKCS7 structure I generate by using the 'smime' app to create a signed email object. That's all fine in that direction.
However, when I try to reverse this operation, I don't have the same success. Given the binary signature bits from a PKCS7 object, I'd like to be able to recover the digest. I have any/all keys in any/all variations… :-) Using the 'rsautl' app has not gotten me anywhere.
I also have had no joy in figuring out how to use the 'rsautl' app to "sign" (encrypt, as I understand it) a digest created by 'dgst'.
I have looked in the archives, but didn't see anything on point to what I'm trying to do.
Thanks,
rnd
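
Added example, not part of either message above: a round trip showing that the payload `rsautl -verify` recovers from a `dgst -sign` signature is the DER-encoded DigestInfo, and that running `rsautl -sign` over a hand-built DigestInfo reproduces the same signature. SHA-256, the throwaway 2048-bit key, the message text and every file name except `sig` and `pubkey.pem` are assumptions made for the demo.

```sh
#!/bin/sh
# Added example. Throwaway key, message and file names are all constructed here.
# rsautl is deprecated since OpenSSL 3.0 in favour of pkeyutl, but still runs.
set -e

digestinfo_roundtrip() {
    w=$1
    openssl genrsa -out "$w/key.pem" 2048 2>/dev/null
    openssl rsa -in "$w/key.pem" -pubout -out "$w/pubkey.pem" 2>/dev/null
    printf 'canonical text\n' > "$w/msg.txt"

    # Signed digest as produced by 'dgst'.
    openssl dgst -sha256 -sign "$w/key.pem" -out "$w/sig" "$w/msg.txt"

    # The command from the post: the recovered payload parses as ASN.1
    # (SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }).
    openssl rsautl -in "$w/sig" -verify -asn1parse -inkey "$w/pubkey.pem" -pubin

    # Same recovery, but keep the raw DER bytes instead of a parsed dump.
    openssl rsautl -in "$w/sig" -verify -inkey "$w/pubkey.pem" -pubin \
        -out "$w/recovered.der"

    # Build DigestInfo by hand: the fixed 19-byte DER prefix for SHA-256
    # (written as octal escapes) followed by the 32-byte raw digest.
    {
        printf '\060\061\060\015\006\011\140\206\110\001\145\003\004\002\001\005\000\004\040'
        openssl dgst -sha256 -binary "$w/msg.txt"
    } > "$w/digestinfo.der"

    # "Sign" that structure with rsautl (PKCS#1 v1.5 padding is the default).
    openssl rsautl -sign -in "$w/digestinfo.der" -inkey "$w/key.pem" -out "$w/sig2"

    # v1.5 signature padding is deterministic, so both signatures must match,
    # and the recovered payload must equal the hand-built DigestInfo.
    cmp -s "$w/sig" "$w/sig2" && cmp -s "$w/recovered.der" "$w/digestinfo.der"
}

workdir=$(mktemp -d)
if digestinfo_roundtrip "$workdir"; then
    echo "rsautl -sign over DigestInfo reproduces the dgst -sign signature"
fi
rm -rf "$workdir"
```

Signing only the raw 32-byte digest with `rsautl -sign` yields a different signature, because the DigestInfo prefix naming the hash algorithm is missing from the padded block.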