[openssl-users] Payload-checksum in PEM?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 8 17:37:18 UTC 2018

> On Mar 8, 2018, at 11:52 AM, etc at coderhacks.com wrote:
> I have a certificate (cer.txt; content is enclosed with ---BEGIN/END CERTIFICATE---).
> I can get the public-key out of that. (pubkey.txt; content is enclosed ---BEGIN/END PUBLIC KEY---).
> I have the PEM (pem.txt; content is enclosed with ---BEGIN/END CMS---).

That's a CMS message, it may contains a signature, but it is not (just) a signature.

> This is what I call the signature and I would expect to have a hash of my original file somewhere inside of it.

See above.

> If I do
> openssl rsautl -pubin -raw -encrypt -inkey pubkey.txt -in pem.txt

The raw RSA signed payload is not textual PEM data, it is a binary element of
the CMS structure (when the structure contains a signature).


More information about the openssl-users mailing list