> From: owner-openssl-us...@openssl.org On Behalf Of tera tellence > Sent: Friday, 03 September, 2010 04:13
> I have to sign a message with a private key using the sha1 > with RSA using the Java JCE(Bouncy Castle engine) on System A. > I then have to pass the public key, the original message and > the signature to System B which uses OpenSSL to verify the signature. > At the openSSL end, I use: > openssl dgst -sha1 -verify pubkey.pem -signature s.sign data.sha1 > Where: pubkey.pem is the public key I pass as a PEM format. > s.sign= signature in hex format( here I am not sure what format to use) > data.sha1= I get send the original message to system B as > a hex string. At System B I compute the sha1 digest of this hex > string and store it at data.sha1 to verify. dgst -verify computes the specified (or default md5) hash of the data you give it, and then verifies that matches the signature. If you give it a hash of the data, hashing that again will give totally wrong and useless results. > However the verification always fails. > With this regard, what are the expected formats of the files? For dgst -verify the pubkey defaults to PEM, and can also support DER although the help message doesn't say so. The signature is binary. dgst -sign can write binary or hex (with a misleading label) but dgst -verify -signature reads only binary. > Is there a way to use a hex file for data and signature? > or even a base64 encoded signature and data for verification? There is no specific hex option here, and I don't know any general way in openssl. You may have other tools available. For base64, enc -base64 [-e]|-d (or shorthand base64 [-e]|-d) can en-base64 and de-base64 any data, as a separate step. So if you have base64 data in file(s), just decode it/them to (an)other file(s), and use that/those file(s). But you need the actual data, not its hash. If you only have a (purported) hash, for an RSA signature you can recover the signed value (which includes the original hash) with rsautl -verify, and then compare that with the purported hash, either manually or with asn1parse -strparse and cmp or fc/b. But the point of verifying a signature is to assure the integrity and/or authenticity of the signed data, so if you didn't compute the hash on the data you're going to use, this is a waste of time. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
