[openssl-users] Payload-checksum in PEM?

etc at coderhacks.com etc at coderhacks.com
Thu Mar 8 16:52:56 UTC 2018

Thanks for your help!

But I am not sure I do fully understand that - not doing that every day.
Please one more hint - thanks.

I have a certificate (cer.txt; content is enclosed with ---BEGIN/END 
I can get the public-key out of that. (pubkey.txt; content is enclosed 
I have the PEM (pem.txt; content is enclosed with ---BEGIN/END CMS---).
This is what I call the signature and I would expect to have a hash of 
my original file somewhere inside of it.

If I do

openssl rsautl -pubin -raw -encrypt -inkey pubkey.txt -in pem.txt

I get an error (...rsa routines:RSA_padding_add_none:data too large for 
key size...).

Am I doing something wrong or do I have the wrong ingredients?

I try to find the hashvalue that any other tool gives me when hashing 
the original payload (myfile.txt).


On 2018-03-08 17:31, Viktor Dukhovni wrote:
>> On Mar 8, 2018, at 11:25 AM, etc at coderhacks.com wrote:
>> # openssl cms -sign -in myfile.txt -md md5 -signer cer.txt -inkey key.txt -outform PEM > pem.txt
>> # md5sum myfile.txt
>> Can I expect to find the md5sum checksum somewhere in the ASN1 of pem.txt???
>> # openssl asn1parse -in pem.txt
>> As far I see it is not there - but maybe it is just a quick step to it?
> When signing, the checksum is part of the signature, so you'd have to
> decrypt the signature block with the signer's public key via:
> 	openssl rsautl -pubin -raw -encrypt -inkey pubkey.pem
> and find the message digest there.

More information about the openssl-users mailing list