From: owner-openssl-us...@openssl.org On Behalf Of Jeff Strope
Sent: Thursday, 01 October, 2009 18:41
I've been given an X509 signing certificate that I'm storing
in base64
format along with a SHA1 w/ RSA signature. How do I verify that
signature against the signing certificate via openssl? Any
help would be
appreciated.
Assuming you mean a (detached) SHA1-RSA-PKCS1 signature of some data
using/under the RSA key(pair) attested to in the certificate:
If your base64 cert has or you add the PEM label lines,
and you have or can get the (exact/raw) data in one file,
and the bare RSA signature (no OID etc.) in another,
openssl x509 certfile -pubkey -noout pubkeyfile
openssl sha1 data -verify pubkeyfile -signature sigfile
For some limited variations, man dgst or just openssl dgst -?
also rsautl similarly. Otherwise ask a more complete question.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org