openssl command line to verify the signature - JohnHau/mis GitHub Wiki

I found two solutions to your problem.

You can use rsautl that way: (with private key: my.key and public key my-pub.pem)

$ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt Enter pass phrase for my.key: $ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin Bonjour With this method, all the document is included within the signature file and is outputted by the final command.

But in my case, my certificate says: Signature Algorithm: sha1WithRSAEncryption. So I would recommend you to use the standard way of signing document in 4 steps: (This method is used for all asymmetric electronic signatures in order not to overcharge the signature file and/or CPU usage)

Create digest of document to sign (sender) Sign digest with private key (sender) Create digest of document to verify (recipient) Verify signature with public key (recipient) OpenSSL does this in two steps:

$ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt Enter pass phrase for my.key: $ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt
Verified OK With this method, you sent the recipient two documents: the original file plain text, the signature file signed digest. Attention: the signature file does not include the whole document! Only the digest.

Verify using public key

echo "plop" > "helloworld.txt" openssl rsautl -sign -in hello.txt -inkey private.pem -out sig openssl rsautl -verify -in sig -inkey public.pem -pubin

plop

You can check the doc for rsautl

In your example, this would give :

openssl rsautl -verify -in sig -inkey aa.pem I have copied my full history below :

echo "plop" > "helloworld.txt" openssl rsautl -sign -in helloworld.txt -inkey aa.pem -out sig openssl rsautl -verify -in sig -inkey aa.pem

plop