<div dir="ltr"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Hi,<br></span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial">Could some openssl expert please advise  ?<br><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Trying to get the equivalent Openssl command-line version of the following java snippet.</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I have tried this  </span><span style="text-decoration-style:initial;text-decoration-color:initial;color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;text-align:left;background-color:rgb(255,248,220);float:none;display:inline">openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 codeTosign.txt</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">But the  the results do not match ?</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">```</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">From: "tim.fortinbras" <</span><a href="mailto:tim.fortinbras@gmail.com" target="_blank" style="color:rgb(17,85,204);font-size:small">tim.fortinbras@gmail.com</a><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">></span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">To: </span><a href="mailto:openssl-users@openssl.org" target="_blank" style="color:rgb(17,85,204);font-size:small">openssl-users@openssl.org</a><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Cc: </span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Bcc: </span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Date: Tue, 31 Jul 2018 06:48:59 -0700 (MST)</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Subject: Looking for exact openssl commands to do the following from command line ?</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">import java.security.KeyFactory;</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">import java.security.Signature;</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">import java.security.spec.PKCS8Encode</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">dKeySpec;</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">import java.util.Base64;</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">public class SHA256RSA {</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    public static void main(String[] args) throws Exception {</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        String input = "sample input";</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        // Not a real private key! Replace with your private key!</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        String strPk = "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">9"</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">                + "w0BAQEFAASCBKkwggSlAgEAAoIBAQ</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">DJUGqaRB11KjxQ\nKHDeG"</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">                + ".............................</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">..........................."</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">                + "Ldt0hAPNl4QKYWCfJm\nNf7Afqaa/</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">RZq0+y/36v83NGENQ==\n"<span> </span></span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">                + "-----END PRIVATE KEY-----\n";</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        String base64Signature = signSHA256RSA(input,strPk);</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        System.out.println("Signature=</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">"+base64Signature);</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    }</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    // Create base64 encoded signature using SHA256/RSA.</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    private static String signSHA256RSA(String input, String strPk) throws</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Exception {</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        // Remove markers and new line characters in private key</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        String realPK = strPk.replaceAll("-----END PRIVATE KEY-----", "")</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">                             .replaceAll("-----BEGIN PRIVATE KEY-----", "")</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">                             .replaceAll("\n", "");</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        byte[] b1 = Base64.getDecoder().decode(rea</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">lPK);</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(b1);</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        KeyFactory kf = KeyFactory.getInstance("RSA");</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        Signature privateSignature = Signature.getInstance("SHA256w</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">ithRSA");</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        privateSignature.initSign(kf.g</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">eneratePrivate(spec));</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        privateSignature.update(input.</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">getBytes("UTF-8"));</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        byte[] s = privateSignature.sign();</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">        return Base64.getEncoder().encodeToSt</span><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">ring(s);</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">    }</span><br style="font-size:small;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:small;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">}</span><br></div>