[openssl-users] Verifying RSA-SHA1 signature?

Dr. Stephen Henson steve at openssl.org
Tue Sep 13 02:19:24 UTC 2016

On Mon, Sep 12, 2016, Nikolay Kudryavtsev wrote:

> Whenever I try to verify data signed with my own key, everything
> works. But for that data that I got from a third party nothing
> works. That third party is adamant that the signature is correct and
> it's RSA_SHA1, but they've been unwilling to explain the details on
> how they sign it and what they use to verify.
> So what are the proper way of dealing with this?

You can extract the expected digest using either rsautl or pkeyutl and the
public key. If that fails then there is a problem with either the key or the
format. If you can successfully extract the digest then you can try various
transormations on the input data in an attempt to get the same digest. 

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list