Thank you DAVE, I answered without seeing your post.

> From: dthomp...@prinpay.com
> To: openssl-users@openssl.org
> Subject: RE: Verify signed text
> Date: Thu, 31 Mar 2011 16:56:39 -0400
> 
> >     From: owner-openssl-us...@openssl.org On Behalf Of luis hernandez
> >     Sent: Thursday, 31 March, 2011 16:07
> 
> >     it did not work: 
> >     $cat signedbase64string.txt | openssl enc -base64 -d -A -out seal
>       
> >     $cat stringtosign.xt  | openssl dgst -md5 -verify cert.pem -signature seal
> >     $unable to load key file
> 
> There shouldn't be a '$' there.
> For this operation (dgst -verify) you (unusually) need just the 
> publickey not the/a cert. If you have the publickey in a file,
> by itself or with the cert as you showed before, use that.
> (And make durn sure the publickey (file) you have is authentic; 
> if an attacker can substitute it, your security is toast.)
> 
> Otherwise, if you have the cert, do something like
>   openssl x509 -in cert.pem -pubkey -noout -out pubkey.pem
> and use that resulting file for dgst -verify.
> And preferably validate the cert as well.
> 
>       > Subject: Re: Verify signed text
>       > From: w...@omnigroup.com
>       > Date: Wed, 30 Mar 2011 10:12:45 -0700
> 
>       > On 30 Mar 2011, at 9:59 AM, luis hernandez wrote:
>       > > i get a file with a signed base64 string produced using the following commands:
>       > > 
>       > > openssl dgst -md5 -sign key.pem stringtosign.txt 
>       > > | openssl enc -base64 -A > signedbase64string.txt
>       > > 
> So you do have the data and signature separate. I missed this part 
> on my previous reply (so ignore that part).
> 
>       > > that signed string is part of a text file that includes the certificate
>       > > in pem format without the public key.
>       > > from that file i can get the original stringtosign.txt but because
>       > > the key belongs to the owner and i can not have it.
> 
> The certificate does contain the publickey. It is the *private*key 
> that you do not have, should not have, and do not need.
> 
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
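
The flow Dave describes, as an added example that is not part of the original thread: extract the public key from the certificate, decode the base64 signature, then run `dgst -verify` against the data. The key, certificate and data are constructed for the demo, the function names `verify_detached` and `make_fixture` are hypothetical, and `-sha256` stands in for the thread's `-md5` (the digest option must match the one the signer used).

```shell
#!/bin/sh
# Added example. Key, certificate and data below are constructed for the demo.

# verify_detached CERT DATA SIG_B64 -> 0 if the signature verifies, 1 if it
# does not, 2 if the certificate or signature file cannot be read.
verify_detached() {
    cert=$1; data=$2; sig_b64=$3
    work=$(mktemp -d) || return 2
    rc=2
    # dgst -verify takes a bare public key, so extract it from the certificate
    # and undo the base64 step the signer applied.
    if openssl x509 -in "$cert" -pubkey -noout > "$work/pubkey.pem" 2>/dev/null &&
       openssl enc -base64 -d -A -in "$sig_b64" -out "$work/seal" 2>/dev/null
    then
        # The digest option must match the one used when signing.
        if openssl dgst -sha256 -verify "$work/pubkey.pem" \
               -signature "$work/seal" "$data" >/dev/null 2>&1
        then rc=0; else rc=1; fi
    fi
    rm -rf "$work"
    return $rc
}

# make_fixture DIR: plays the signer's side with a throwaway key (constructed).
make_fixture() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-signer" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    printf 'constructed string to sign\n' > "$dir/stringtosign.txt"
    openssl dgst -sha256 -sign "$dir/key.pem" "$dir/stringtosign.txt" |
        openssl enc -base64 -A > "$dir/signedbase64string.txt"
}

demo=$(mktemp -d)
make_fixture "$demo" || { echo "fixture setup failed" >&2; exit 1; }
if verify_detached "$demo/cert.pem" "$demo/stringtosign.txt" \
       "$demo/signedbase64string.txt"
then echo "original text: signature verified"; fi
printf 'altered text\n' > "$demo/altered.txt"
if ! verify_detached "$demo/cert.pem" "$demo/altered.txt" \
       "$demo/signedbase64string.txt"
then echo "altered text: signature rejected"; fi
rm -rf "$demo"
```

A successful result only says the data matches the key in that certificate; whether the certificate itself is authentic is the separate validation step the reply recommends.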
                                          
