<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I have some data that was signed with <a
href="https://www.w3.org/PICS/DSig/RSA-SHA1_1_0.html">RSA-SHA1</a>.<br>
<br>
What's the proper way of verifying that data with a signature?<br>
<br>
The signature is base64 encoded, so first I do:<br>
openssl enc -d -A -base64 -in signature.txt -out signature.sha1<br>
Then I do:<br>
openssl dgst -verify pubkey.pem -signature signature.sha1
datafile.txt<br>
Or:<br>
openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
datafile.txt<br>
Either of those fails with:<br>
Verification Failure<br>
<br>
Whenever I try to verify data signed with my own key, everything
works. But for that data that I got from a third party nothing
works. That third party is adamant that the signature is correct and
it's RSA_SHA1, but they've been unwilling to explain the details on
how they sign it and what they use to verify.<br>
<br>
So what are the proper way of dealing with this?<br>
<pre class="moz-signature" cols="72">--
Best Regards,
Nikolay Kudryavtsev</pre>
</body>
</html>