> From: owner-openssl-us...@openssl.org On Behalf Of luis hernandez
> Sent: Thursday, 31 March, 2011 16:07

> it did not work:
> $cat signedbase64string.txt | openssl enc -base64 -d -A -out seal
> $cat stringtosign.xt | openssl dgst -md5 -verify cert.pem -signature seal
> $unable to load key file

There shouldn't be a '$' there.

For this operation (dgst -verify) you (unusually) need just the publickey not the/a cert. If you have the publickey in a file, by itself or with the cert as you showed before, use that. (And make durn sure the publickey (file) you have is authentic; if an attacker can substitute it, your security is toast.)

Otherwise, if you have the cert, do something like

    openssl x509 -in cert.pem -pubkey -noout -out pubkey.pem

and use that resulting file for dgst -verify. And preferably validate the cert as well.

> Subject: Re: Verify signed text
> From: w...@omnigroup.com
> Date: Wed, 30 Mar 2011 10:12:45 -0700
>
> On 30 Mar 2011, at 9:59 AM, luis hernandez wrote:
> > i get a file with a signed base64 string produced using the following commands:
> >
> > openssl dgs -md5 -sign key.pem stringtosign.txt
> > | openssl enc -base64 -A > signedbase64string.txt
>
> So you do have the data and signature separate. I missed this part on my previous reply (so ignore that part).
>
> > that signed string is part of a text file that includes the certificate
> > in pem format without the public key.
> > from that file i can get the original stringtosign.txt but because
> > the key belongs to the owner and i can not have it.

The certificate does contain the publickey. It is the *private*key that you do not have, should not have, and do not need.
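The full round trip discussed in this thread, as an added example that is not part of the original messages: sign, base64-encode, then verify with the public key extracted from the certificate. The key, certificate and message are constructed throwaway values in a temporary directory, the function names are hypothetical, and -sha256 is used in place of the thread's -md5 (the verifier must use whatever digest the signer used).

```shell
#!/bin/sh
# Added example: constructed key, self-signed cert and message; nothing here
# comes from the thread except the file names and the openssl subcommands.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Signer side: private key plus a certificate that carries the public key.
make_signer() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-signer" \
    -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null
}

# Signer side: detached signature over file $1, printed as one base64 line.
sign_b64() {
  openssl dgst -sha256 -sign "$work/key.pem" "$1" | openssl enc -base64 -A
}

# Verifier side: $1 = data file, $2 = base64 signature file, $3 = cert.
# Only the certificate is needed, never the private key.
verify_b64() {
  # Decode the single-line base64 signature back to raw bytes.
  openssl enc -base64 -d -A -in "$2" -out "$work/seal"
  # dgst -verify wants a bare public key, so pull it out of the cert.
  openssl x509 -in "$3" -pubkey -noout > "$work/pubkey.pem"
  # Exit status is 0 only when the signature matches the data.
  openssl dgst -sha256 -verify "$work/pubkey.pem" \
    -signature "$work/seal" "$1" >/dev/null 2>&1
}

make_signer
printf 'constructed message\n' > "$work/stringtosign.txt"
printf 'constructed message, altered\n' > "$work/tampered.txt"
sign_b64 "$work/stringtosign.txt" > "$work/signedbase64string.txt"

if verify_b64 "$work/stringtosign.txt" "$work/signedbase64string.txt" "$work/cert.pem"
then echo "original: signature verified"
else echo "original: verification FAILED"
fi

if verify_b64 "$work/tampered.txt" "$work/signedbase64string.txt" "$work/cert.pem"
then echo "tampered: unexpectedly verified"
else echo "tampered: verification failed, as it should"
fi
```

The result is only as trustworthy as the certificate the public key came from, which is why the reply above says to validate the cert as well.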