[EXTERNAL] Using openssl-rsautl for verifying signatures.

Philip Prindeville philipp_subx at redfish-solutions.com
Thu May 5 16:35:09 UTC 2022

Bonjour.  Et milles mercis.

That was helpful.

One more question: if I want to reproduce RSA_sign() (and RSA_verify()) using evp_key_sign() and evp_key_verify() then I'll need add code to do the ASN.1 marshaling, right?  There's no convenience function to do that (seems like an oversight if that's the case)?


> On May 4, 2022, at 3:45 AM, Erwann Abalea <Erwann.Abalea at docusign.com> wrote:
> Bonjour,
> The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding for signature operations.
> PKCS#1v1.5 is rewritten in RFC2313.
> Using the command line tool, you can reproduce this:
> echo -n "Mary had a little lamb." > datatosign
> either one of the following can be used to sign data:
>   openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing
>   openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing
> and you can display the signature either way (this will not "verify", it will only perform the RSA verify operation with PKCS#1v1.5 padding, without checking the validity or even if what has been signed is a DigestInfo structure, and output the result of the RSA operation):
>   openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse
>   openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse
> or you can actually verify the thing without displaying the result of the RSA verify crypto operation:
>   openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1
>   openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign

More information about the openssl-users mailing list