> From: owner-openssl-us...@openssl.org On Behalf Of Jeff Strope > Sent: Thursday, 01 October, 2009 18:41
> I've been given an X509 signing certificate that I'm storing > in base64 > format along with a SHA1 w/ RSA signature. How do I verify that > signature against the signing certificate via openssl? Any > help would be > appreciated. > Assuming you mean a (detached) SHA1-RSA-PKCS1 signature of some data using/under the RSA key(pair) attested to in the certificate: If your base64 cert has or you add the PEM label lines, and you have or can get the (exact/raw) data in one file, and the bare RSA signature (no OID etc.) in another, openssl x509 <certfile -pubkey -noout >pubkeyfile openssl sha1 <data -verify pubkeyfile -signature sigfile For some limited variations, man dgst or just openssl dgst -? also rsautl similarly. Otherwise ask a more complete question. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
