On Mon, Jan 16, 2006, David Gianndrea wrote:

> I'm trying to generate sha1 digests of some config files using
> a private key, and then use the verify option and the public
> key to confirm the signed digest file. Here are the 2 commands
> I used.
>
> c:\apache\bin\openssl dgst -sha1 -out c:\apache\sigs\httpd.conf.sha1
> -sign c:\apache\sigs\sigs.dat -passin pass:somepassword
> c:\apache\conf\httpd.conf
>
> then
>
> c:\apache\bin\openssl dgst -sha1 -verify c:\apache\sigs\sigs.crt
> -signature c:\apache\sigs\httpd.conf.sha1 c:\apache\conf\httpd.conf
>
> every time I try to do the verify it complains that...
>
> C:\Apache\sigs>c:\apache\bin\openssl dgst -sha1 -d -verify
> c:\apache\sigs\sigs.crt -signature c:\apache\sigs\httpd.conf.sha1
> c:\apache\conf\httpd.conf
> unable to load key file
> BIO[00901800]:Free - FILE pointer
>
> This sounds like I don't understand something about the -verify
> option. If I use the private key it works as expected. The only other
> thing that I can think of that may be mucking up the works is that
> this is a self signed cert.

The -verify option uses public keys not certificates. You can extract
the public key from a certificate using the 'x509' utility.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
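
The step described in the reply, as an added example that is not part of the original thread: it extracts the public key from a self-signed certificate with `x509 -pubkey -noout` and passes that file, not the certificate, to `dgst -verify`. The file names, the throwaway key and certificate, the POSIX shell, and the use of `-sha256` in place of the thread's `-sha1` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sign a config file, extract the public key from the
# certificate, and verify the signature with that public key.
# Every file name and the certificate subject are constructed for this demo.

demo_setup() {
    WORK=$(mktemp -d) || return 1
    trap 'rm -rf "$WORK"' EXIT
    # Constructed sample config standing in for httpd.conf
    printf 'ServerName example.test\n' > "$WORK/httpd.conf"
    # Throwaway RSA key and self-signed certificate
    # (stand-ins for the thread's sigs.dat and sigs.crt)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=config-signer" \
        -keyout "$WORK/sigs.key" -out "$WORK/sigs.crt" 2>/dev/null
}

sign_config() {
    # Signing side: hash the file and sign the digest with the private key
    openssl dgst -sha256 -sign "$WORK/sigs.key" \
        -out "$WORK/httpd.conf.sig" "$WORK/httpd.conf"
}

extract_pubkey() {
    # The step from the reply: write the certificate's public key as PEM.
    # -noout suppresses the certificate itself, leaving only the key.
    openssl x509 -in "$WORK/sigs.crt" -pubkey -noout > "$WORK/sigs.pub"
}

verify_config() {
    # $1 is the key file handed to -verify.
    # Prints "Verified OK" and returns 0 only when the signature matches.
    openssl dgst -sha256 -verify "$1" \
        -signature "$WORK/httpd.conf.sig" "$WORK/httpd.conf"
}

demo_setup && sign_config && extract_pubkey && verify_config "$WORK/sigs.pub"
```

Any change to the signed file after signing makes `verify_config` return non-zero, which is the condition a config-integrity check should alert on.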