Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
Actually, it all works just fine. Viktor's point about adding terminating "\n" to the input text helped. -BEGIN PRIVATE KEY- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGlXflMDDD8kOP TP5y06tSXe1g8G3uJAoGHT8NewYANIONuJEZveXnfL8+bJRIu8FDzeCc4SWsCISK WMmX/VY+IzZxLvUlOzRaKmO3Su7A9ABSc/AtcEVcrXhr9qV3axZDMXRXsWTxFnhO /lRK8RpfGoGIhgCKkuNswy/DUjka0x03HymD7HwWhaNgsuvon+zWlSNTIV3t/WU4 093DlykKgDwEPym3UXHIgAecEAsYvm/YeYtM8NsHF2tzr40dKxA460lO/P8Vr7rL df+AF9sNyfNFR81KBtPp2aqvZVXabHQrIZEpoZLrkz6uCObmyPiFx2m59Y3nXQV2 Fac8DuATAgEDAoIBAQCEY6VDdXXX9te03f73N8eMPp5AoElJbVwEE39eUgQAIwJe ewtmfplE/dTUSGLbJ9YtM+sTQMPIBa2xkIZlU47UF3mgyfjDfM2RcZfPh0nV+AA2 9/VzoC49yPrypG5PnLmCIPg6dkNLZFA0qY2HS2bqEauwWVWxt0JIgh/XjCYR4OYZ y7unFj5XnW93cAfL9U8CZPonO6iHCB14unk/UyiIHNrR41at0+qwVJYXdTFx+m0C 3KiWAwleRdVy2LBj3Fq1R3/pW3tnYTadgOInRYF4hQuF+ttIzEiuimhd6blUdMlR WWbw8xp2A8buS4DQUKz0u1OAAhDvsqfEDsWLIAq7AoGBAPHwbdW8aLN85Y3W1pYf 2ELIlV1422sH+MrKv/jqQFf9LVmiXzq2+EZiYQcSxUFp5/1OvnRIHfY2hiBtq4Ww VBq9/0u/D8Rv9bKPOvpLxYZP9FIOo8/BaLp5VV3Vz4pxVort0xHr+DfWFWH7t0cC m/3LtfC1Y7j0TKyL/soyDWzXAoGBANIf/7pM4msWM+5WtEoW17OKaE6fbHYbeG44 /C76WhRBJ5onCuz7m0tdoB9mGv+D3s8FcBojzlbDKIrZvv7XDG1rAL2x5AGKqDZP +bH5ahKJDg/tq7Sba6xqtLBMtzVqZrtDSGTUPLNkeDJM4F6rs/dK+HvEjruLhF1E ALS5UWMlAoGBAKFK8+PS8HeomQk55GQVOtcwY5Ol55yv+zHcf/tG1Y/+HjvBlNHP UC7sQK9h2NZGmqjfKaLavqQkWWrzx651jWcpVN0qCoL1TncKJ1GH2QQ1TYwJwoqA 8HxQ45Pj37Gg5FyejLadUCU5Y5anz4SsZ/6HzqB47SX4Mx2yqdwhXkiPAoGBAIwV VSbd7EdkIp7keDFkj80G8DRqSE68+vQl/XSm5rgrb7waB0invNzpFWpEEf+tPzSu SrwX3uSCGwc71KnksvOcqykhQquxxXmKpnamRrcGCV/zx8288nLxzcrdz3jxmdIs 2u3i0yJC+swzQD8dIqTcpafYXyeyWD4tVc3Q4OzDAoGBAML1gJ2slF0egQmxKSJK YktcRX4IP1rWlYClgcJ9OLAxZBFWPwW8+hsTfCDoa5WEk4+CFHZ37PyibzjGuASC UQmOZj6tVnaRkB62ExArgjzyyIMEUAbfFw4vKHe8cyF8MFC6JbTYj0EDlQtkhK65 HE0xeJjwo/swhpkBItsH0cYJ -END PRIVATE KEY- -BEGIN PUBLIC KEY- MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAxpV35TAww/JDj0z+ctOr Ul3tYPBt7iQKBh0/DXsGADSDjbiRGb3l53y/PmyUSLvBQ83gnOElrAiEiljJl/1W PiM2cS71JTs0Wipjt0ruwPQAUnPwLXBFXK14a/ald2sWQzF0V7Fk8RZ4Tv5USvEa XxqBiIYAipLjbMMvw1I5GtMdNx8pg+x8FoWjYLLr6J/s1pUjUyFd7f1lONPdw5cp CoA8BD8pt1FxyIAHnBALGL5v2HmLTPDbBxdrc6+NHSsQOOtJTvz/Fa+6y3X/gBfb DcnzRUfNSgbT6dmqr2VV2mx0KyGRKaGS65M+rgjm5sj4hcdpufWN510FdhWnPA7g EwIBAw== -END PUBLIC KEY- $ cat rsa_tst1.java import java.security.KeyFactory; import java.security.Signature; import java.security.spec.PKCS8EncodedKeySpec; import java.util.Base64; public class rsa_tst1 { public static void main(String[] args) throws Exception { String input = "sample input\n"; final String strPk = "-BEGIN PRIVATE KEY-\n" + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGlXflMDDD8kOP\n" + "TP5y06tSXe1g8G3uJAoGHT8NewYANIONuJEZveXnfL8+bJRIu8FDzeCc4SWsCISK\n" + "WMmX/VY+IzZxLvUlOzRaKmO3Su7A9ABSc/AtcEVcrXhr9qV3axZDMXRXsWTxFnhO\n" + "/lRK8RpfGoGIhgCKkuNswy/DUjka0x03HymD7HwWhaNgsuvon+zWlSNTIV3t/WU4\n" + "093DlykKgDwEPym3UXHIgAecEAsYvm/YeYtM8NsHF2tzr40dKxA460lO/P8Vr7rL\n" + "df+AF9sNyfNFR81KBtPp2aqvZVXabHQrIZEpoZLrkz6uCObmyPiFx2m59Y3nXQV2\n" + "Fac8DuATAgEDAoIBAQCEY6VDdXXX9te03f73N8eMPp5AoElJbVwEE39eUgQAIwJe\n" + "ewtmfplE/dTUSGLbJ9YtM+sTQMPIBa2xkIZlU47UF3mgyfjDfM2RcZfPh0nV+AA2\n" + "9/VzoC49yPrypG5PnLmCIPg6dkNLZFA0qY2HS2bqEauwWVWxt0JIgh/XjCYR4OYZ\n" + "y7unFj5XnW93cAfL9U8CZPonO6iHCB14unk/UyiIHNrR41at0+qwVJYXdTFx+m0C\n" + "3KiWAwleRdVy2LBj3Fq1R3/pW3tnYTadgOInRYF4hQuF+ttIzEiuimhd6blUdMlR\n" + "WWbw8xp2A8buS4DQUKz0u1OAAhDvsqfEDsWLIAq7AoGBAPHwbdW8aLN85Y3W1pYf\n" + "2ELIlV1422sH+MrKv/jqQFf9LVmiXzq2+EZiYQcSxUFp5/1OvnRIHfY2hiBtq4Ww\n" + "VBq9/0u/D8Rv9bKPOvpLxYZP9FIOo8/BaLp5VV3Vz4pxVort0xHr+DfWFWH7t0cC\n" + "m/3LtfC1Y7j0TKyL/soyDWzXAoGBANIf/7pM4msWM+5WtEoW17OKaE6fbHYbeG44\n" + "/C76WhRBJ5onCuz7m0tdoB9mGv+D3s8FcBojzlbDKIrZvv7XDG1rAL2x5AGKqDZP\n" + "+bH5ahKJDg/tq7Sba6xqtLBMtzVqZrtDSGTUPLNkeDJM4F6rs/dK+HvEjruLhF1E\n" + "ALS5UWMlAoGBAKFK8+PS8HeomQk55GQVOtcwY5Ol55yv+zHcf/tG1Y/+HjvBlNHP\n" + "UC7sQK9h2NZGmqjfKaLavqQkWWrzx651jWcpVN0qCoL1TncKJ1GH2QQ1TYwJwoqA\n" + "8HxQ45Pj37Gg5FyejLadUCU5Y5anz4SsZ/6HzqB47SX4Mx2yqdwhXkiPAoGBAIwV\n" + "VSbd7EdkIp7keDFkj80G8DRqSE68+vQl/XSm5rgrb7waB0invNzpFWpEEf+tPzSu\n" + "SrwX3uSCGwc71KnksvOcqykhQquxxXmKpnamRrcGCV/zx8288nLxzcrdz3jxmdIs\n" + "2u3i0yJC+swzQD8dIqTcpafYXyeyWD4tVc3Q4OzDAoGBAML1gJ2slF0egQmxKSJK\n" + "YktcRX4IP1rWlYClgcJ9OLAxZBFWPwW8+hsTfCDoa5WEk4+CFHZ37PyibzjGuASC\n" + "UQmOZj6tVnaRkB62ExArgjzyyIMEUAbfFw4vKHe8cyF8MFC6JbTYj0EDlQtkhK65\n" + "HE0xeJjwo/swhpkBItsH0cYJ\n" + "-END PRIVATE KEY-\n"; String base64Signature = signSHA256RSA(input,strPk);
Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
> On Aug 1, 2018, at 12:47 PM, timmy pony wrote: > > On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni > wrote: > On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > > > I have tried this > > > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 > > codeTosign.txt > > This produces raw binary output, no base64 encoding. What is the > content of the file "codeToSign.txt"? Post the output of: > > od -tx1 < /tmp/codeToSign.txt > > od -tx1 < codeToSign.txt > 00073 61 6d 70 6c 65 20 69 6e 70 75 74 0a > 015 As expected, the disk file has a newline ending (0x0a) after the input string. > > public class SHA256RSA { > > > > public static void main(String[] args) throws Exception { > > String input = "sample input"; > > This input has no newline ending, perhaps the disk file does. The input string signed by the Java code does not. The signatures are therefore *expected* to be different. Either include a newline in the Java string, or create an input file with no newline ending. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
Hi Vicktor - I put a '\n' at end of java snippet Both are now equal Thank you for your help. On Wed, Aug 1, 2018 at 5:47 PM timmy pony wrote: > Hi Vicktor, Speed read the previous mail. > > > > On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni > wrote: > >> On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: >> >> > I have tried this >> > >> > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 >> codeTosign.txt >> >> This produces raw binary output, no base64 encoding. What is the >> content of the file "codeToSign.txt"? Post the output of: >> >> od -tx1 < /tmp/codeToSign.txt >> > > od -tx1 < codeToSign.txt > > 00073 61 6d 70 6c 65 20 69 6e 70 75 74 0a > > 015 > > >> >> > public class SHA256RSA { >> > >> > public static void main(String[] args) throws Exception { >> > String input = "sample input"; >> >> This input has no newline ending, perhaps the disk file does. >> >> > // Not a real private key! Replace with your private key! >> > String strPk = "-BEGIN PRIVATE >> KEY-\nMIIEvwIBADANBgkqhkiG9" >> > + "w0BAQEFAASCBKkwggSlAgEAAoIBAQDJUGqaRB11KjxQ\nKHDeG" >> > + >> "" >> > + "Ldt0hAPNl4QKYWCfJm\nNf7Afqaa/RZq0+y/36v83NGENQ==\n" >> > + "-END PRIVATE KEY-\n"; >> >> I sure hope your production code will *NOT* have the private key >> embedded in the executable. >> >> > String base64Signature = signSHA256RSA(input,strPk); >> > System.out.println("Signature="+base64Signature); >> >> This outputs a signature encoded in base64. >> >> -- >> Viktor. >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
Hi Vicktor, Speed read the previous mail. On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni wrote: > On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > > > I have tried this > > > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 > codeTosign.txt > > This produces raw binary output, no base64 encoding. What is the > content of the file "codeToSign.txt"? Post the output of: > > od -tx1 < /tmp/codeToSign.txt > od -tx1 < codeToSign.txt 00073 61 6d 70 6c 65 20 69 6e 70 75 74 0a 015 > > > public class SHA256RSA { > > > > public static void main(String[] args) throws Exception { > > String input = "sample input"; > > This input has no newline ending, perhaps the disk file does. > > > // Not a real private key! Replace with your private key! > > String strPk = "-BEGIN PRIVATE > KEY-\nMIIEvwIBADANBgkqhkiG9" > > + "w0BAQEFAASCBKkwggSlAgEAAoIBAQDJUGqaRB11KjxQ\nKHDeG" > > + > "" > > + "Ldt0hAPNl4QKYWCfJm\nNf7Afqaa/RZq0+y/36v83NGENQ==\n" > > + "-END PRIVATE KEY-\n"; > > I sure hope your production code will *NOT* have the private key > embedded in the executable. > > > String base64Signature = signSHA256RSA(input,strPk); > > System.out.println("Signature="+base64Signature); > > This outputs a signature encoded in base64. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
> On Aug 1, 2018, at 12:14 PM, timmy pony wrote: > > Thanks Viktor, > for assistance . > The embedded private key "skeleton" is only for visualisation purposes; No it > will not. > > > the openssl command returns binary. > so i can do .But they are still coming out different. > > openssl base64 -in /tmp/sign.sha256 -out Please re-read my previous post and respond to *all* the points. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
Thanks Viktor, for assistance . The embedded private key "skeleton" is only for visualisation purposes; No it will not. the openssl command returns binary. so i can do .But they are still coming out different. openssl base64 -in /tmp/sign.sha256 -out On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni wrote: > On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > > > I have tried this > > > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 > codeTosign.txt > > This produces raw binary output, no base64 encoding. What is the > content of the file "codeToSign.txt"? Post the output of: > > od -tx1 < /tmp/codeToSign.txt > > > public class SHA256RSA { > > > > public static void main(String[] args) throws Exception { > > String input = "sample input"; > > This input has no newline ending, perhaps the disk file does. > > > // Not a real private key! Replace with your private key! > > String strPk = "-BEGIN PRIVATE > KEY-\nMIIEvwIBADANBgkqhkiG9" > > + "w0BAQEFAASCBKkwggSlAgEAAoIBAQDJUGqaRB11KjxQ\nKHDeG" > > + > "" > > + "Ldt0hAPNl4QKYWCfJm\nNf7Afqaa/RZq0+y/36v83NGENQ==\n" > > + "-END PRIVATE KEY-\n"; > > I sure hope your production code will *NOT* have the private key > embedded in the executable. > > > String base64Signature = signSHA256RSA(input,strPk); > > System.out.println("Signature="+base64Signature); > > This outputs a signature encoded in base64. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote: > I have tried this > > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 codeTosign.txt This produces raw binary output, no base64 encoding. What is the content of the file "codeToSign.txt"? Post the output of: od -tx1 < /tmp/codeToSign.txt > public class SHA256RSA { > > public static void main(String[] args) throws Exception { > String input = "sample input"; This input has no newline ending, perhaps the disk file does. > // Not a real private key! Replace with your private key! > String strPk = "-BEGIN PRIVATE KEY-\nMIIEvwIBADANBgkqhkiG9" > + "w0BAQEFAASCBKkwggSlAgEAAoIBAQDJUGqaRB11KjxQ\nKHDeG" > + "" > + "Ldt0hAPNl4QKYWCfJm\nNf7Afqaa/RZq0+y/36v83NGENQ==\n" > + "-END PRIVATE KEY-\n"; I sure hope your production code will *NOT* have the private key embedded in the executable. > String base64Signature = signSHA256RSA(input,strPk); > System.out.println("Signature="+base64Signature); This outputs a signature encoded in base64. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Java Snippet output is not equal to command line openssl command output , Why ?
Hi, Could some openssl expert please advise ? Trying to get the equivalent Openssl command-line version of the following java snippet. I have tried this openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 codeTosign.txt But the the results do not match ? ``` From: "tim.fortinbras" To: openssl-users@openssl.org Cc: Bcc: Date: Tue, 31 Jul 2018 06:48:59 -0700 (MST) Subject: Looking for exact openssl commands to do the following from command line ? import java.security.KeyFactory; import java.security.Signature; import java.security.spec.PKCS8EncodedKeySpec; import java.util.Base64; public class SHA256RSA { public static void main(String[] args) throws Exception { String input = "sample input"; // Not a real private key! Replace with your private key! String strPk = "-BEGIN PRIVATE KEY-\nMIIEvwIBADANBgkqhkiG9" + "w0BAQEFAASCBKkwggSlAgEAAoIBAQDJUGqaRB11KjxQ\nKHDeG" + "" + "Ldt0hAPNl4QKYWCfJm\nNf7Afqaa/RZq0+y/36v83NGENQ==\n" + "-END PRIVATE KEY-\n"; String base64Signature = signSHA256RSA(input,strPk); System.out.println("Signature="+base64Signature); } // Create base64 encoded signature using SHA256/RSA. private static String signSHA256RSA(String input, String strPk) throws Exception { // Remove markers and new line characters in private key String realPK = strPk.replaceAll("-END PRIVATE KEY-", "") .replaceAll("-BEGIN PRIVATE KEY-", "") .replaceAll("\n", ""); byte[] b1 = Base64.getDecoder().decode(realPK); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(b1); KeyFactory kf = KeyFactory.getInstance("RSA"); Signature privateSignature = Signature.getInstance("SHA256withRSA"); privateSignature.initSign(kf.generatePrivate(spec)); privateSignature.update(input.getBytes("UTF-8")); byte[] s = privateSignature.sign(); return Base64.getEncoder().encodeToString(s); } } -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users