[openssl-users] Verifying RSA-SHA1 signature?
Nikolay Kudryavtsev
nikolay.kudryavtsev at gmail.com
Mon Sep 12 17:07:44 UTC 2016
I have some data that was signed with RSA-SHA1
<https://www.w3.org/PICS/DSig/RSA-SHA1_1_0.html>.
What's the proper way of verifying that data with a signature?
The signature is base64 encoded, so first I do:
openssl enc -d -A -base64 -in signature.txt -out signature.sha1
Then I do:
openssl dgst -verify pubkey.pem -signature signature.sha1 datafile.txt
Or:
openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1 datafile.txt
Either of those fails with:
Verification Failure
Whenever I try to verify data signed with my own key, everything works.
But for that data that I got from a third party nothing works. That
third party is adamant that the signature is correct and it's RSA_SHA1,
but they've been unwilling to explain the details on how they sign it
and what they use to verify.
So what are the proper way of dealing with this?
--
Best Regards,
Nikolay Kudryavtsev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160912/9468b00f/attachment.html>
More information about the openssl-users
mailing list