On Wed, Nov 23, 2005, john guerrero wrote:

> i have a signature that fails verification.
>
> openssl dgst -sha1 -verify public.pem -signature sigfile myfile
> Verification Failure
>
> this one particular pair (sigfile, myfile) fails verification out of a
> group of 500,000 pairs which all succeed.
>
> there are at least 2 possibilities for this that i can think of:
> 1. it was signed with a different key
> 2. something corrupted the variable holding the signature before it made
> it to disk
>
> is there some way of looking at the hex of the signature and
> distinguishing between these 2 possibilities?
>
> i have enough other checks to verify that the file and signature were
> not tampered with since they were originally written.
>
Try:

openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse

if you get an error message about invalid block type it could be the wrong key
or possibly a corrupted signature. Otherwise if you get some readable output it
will tell you the digest it is expecting to see.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
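
The check behind the `rsautl -verify` suggestion above, re-implemented in Python as an added example (not part of the original thread and not OpenSSL's code): apply the public key to the signature, inspect the PKCS#1 v1.5 block, and compare the recovered digest with the file's SHA-1. The toy keys built from Mersenne primes, the sample message and all function names are constructed for illustration; a SHA-1 DigestInfo is assumed, matching the `-sha1` in the question.

```python
import hashlib

# DER header of a SHA-1 DigestInfo (PKCS#1 v1.5); the 20-byte digest follows it.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
E = 65537  # public exponent used by the constructed keys below

def recover_digest(sig, n, e):
    """RSA public operation plus type-1 unpadding. Returns the signed digest,
    or None when the block is malformed (wrong key or damaged signature)."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if s >= n:
        return None
    em = pow(s, e, n).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)
    # Expected layout: 00 01 FF..FF (8 or more) 00 DigestInfo
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep].strip(b"\xff"):
        return None
    info = em[sep + 1:]
    if len(info) != len(SHA1_PREFIX) + 20 or not info.startswith(SHA1_PREFIX):
        return None
    return info[len(SHA1_PREFIX):]

def classify(sig, data, n, e):
    digest = recover_digest(sig, n, e)
    if digest is None:
        return "bad-block"        # wrong key or corrupted signature
    if digest != hashlib.sha1(data).digest():
        return "digest-mismatch"  # key and signature intact, file content differs
    return "ok"

# --- constructed test material: toy keys from Mersenne primes, not for real use ---
def make_key(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def sign(data, n, d):
    k = (n.bit_length() + 7) // 8
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

N, D = make_key(2**521 - 1, 2**607 - 1)
N2, _ = make_key(2**607 - 1, 2**1279 - 1)                 # a different key
MSG = b"constructed sample file contents\n"
SIG = sign(MSG, N, D)
DAMAGED = SIG[:10] + bytes([SIG[10] ^ 0x01]) + SIG[11:]   # one flipped bit

if __name__ == "__main__":
    cases = ((SIG, MSG, N), (SIG, MSG + b"x", N), (DAMAGED, MSG, N), (SIG, MSG, N2))
    for sig, data, n in cases:
        print(classify(sig, data, n, E))
```

A single flipped bit and a wrong key both end in the same malformed-block result, which is why the block-type error alone cannot separate the two causes.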