Difference between openSSL rsautl and dgst

Problem description

The following command generates a signature for an input file:

openssl dgst -sha1 -sign privateKey.pem -out signature1 someInputFile

The following commands also generate a signature for an input file:

openssl dgst -binary -sha1 someInputFile > digest
openssl rsautl -sign -in digest -inkey privateKey.pem -out signature2

As far as I know, they should both create the RSA signature of a SHA1 digest of the file. But they don't generate the same signature.

As a result, the signature generated with method 2 can also not be verified by an openssl dgst -verify call.

Does somebody know what the difference is, and how that can be overcome?

Recommended answer

The simple answer is that dgst -sign creates a hash, ASN1 encodes it, and then signs the ASN1 encoded hash, whereas rsautl -sign just signs the input without hashing or ASN1 encoding. Both methods include the input data in the output, together with the signature, rather than producing only a signature as output. Here is a Bash script that shows the difference between openssl dgst -sign and openssl rsautl -sign.

#!/bin/bash
# @(#) Bash script demos difference between openssl rsautl and dgst signing
# Usage: $0 <name of file to sign> <private key file, without passphrase>

# 1. Make an ASN1 config file describing a DigestInfo structure
#    (algorithm identifier + digest). The heredoc delimiter is unquoted,
#    so the backtick command substitution below is expanded by the shell.

cat >asn1.conf <<EOF
asn1 = SEQUENCE:digest_info_and_digest

[digest_info_and_digest]
dinfo = SEQUENCE:digest_info
digest = FORMAT:HEX,OCT:`openssl dgst -sha256 "$1" | cut -f 2 -d ' '`

[digest_info]
algid = OID:2.16.840.1.101.3.4.2.1
params = NULL

EOF

# If you are wondering what the "algid = OID:2.16.840.1.101.3.4.2.1" is, it's
# the SHA256 OID, see http://oid-info.com/get/2.16.840.1.101.3.4.2.1

# 2. Make a DER encoded ASN1 structure that contains the hash and
#    the hash type
openssl asn1parse -i -genconf asn1.conf -out "$1.dgst.asn1"

# 3. Make a signature file that contains both the ASN1 structure and
#    its signature
openssl rsautl -sign -in "$1.dgst.asn1" -inkey "$2" -out "$1.sig.rsa"

# 4. Verify the signature that we just made and output the ASN structure
openssl rsautl -verify -in "$1.sig.rsa" -inkey "$2" -out "$1.dgst.asn1_v"

# 5. Verify that the output from the signature matches the original
#    ASN1 structure
diff "$1.dgst.asn1" "$1.dgst.asn1_v"

# 6. Do the equivalent of steps 1-5 above in one "dgst" command
openssl dgst -sha256 -sign "$2" -out "$1.sig.rsa_dgst" "$1"

# 7. Verify that the signature file produced from the rsautl and the dgst
#    are identical
diff "$1.sig.rsa" "$1.sig.rsa_dgst"

See my comment above to the OP for the credits.
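The answer's asn1.conf builds the DigestInfo structure by hand for the openssl CLI. The following Python program (an added example, not part of the answer or of OpenSSL) builds the same DER structure with a minimal encoder, for both the SHA-256 OID used in the script and the SHA-1 OID behind the question's -sha1 case, and then applies PKCS#1 v1.5 signature padding to both the raw digest (method 2 in the question) and the DigestInfo (method 1) to show that the two methods never hand the same block to the RSA private-key operation. Only hashlib from the standard library is used; the sample input is constructed, and the modulus size k is an assumed 2048-bit (256-byte) key.

```python
import hashlib

# Digest algorithm OIDs. The SHA-256 OID is the one in the answer's asn1.conf;
# the SHA-1 OID is the standard one for the question's "-sha1" case.
DIGEST_OIDS = {
    "sha256": "2.16.840.1.101.3.4.2.1",
    "sha1": "1.3.14.3.2.26",
}


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form from 128 up."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """One DER tag-length-value element."""
    return bytes([tag]) + der_length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER from dotted notation (first two arcs merged,
    remaining arcs as base-128 with continuation bits)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def digest_info(algo: str, data: bytes) -> bytes:
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }.

    This is the structure `openssl dgst -sign` signs, and the one the
    answer's asn1.conf rebuilds by hand before calling `rsautl -sign`.
    """
    digest = hashlib.new(algo, data).digest()
    # AlgorithmIdentifier = SEQUENCE { OID, NULL } (NULL params, as in the conf)
    alg_id = der_tlv(0x30, encode_oid(DIGEST_OIDS[algo]) + b"\x05\x00")
    return der_tlv(0x30, alg_id + der_tlv(0x04, digest))


def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 signature padding applied before the RSA private-key
    operation: 0x00 0x01 <0xFF ... at least 8 bytes> 0x00 <message>."""
    if len(message) + 11 > k:
        raise ValueError("input too long for the modulus size")
    padding = b"\xff" * (k - len(message) - 3)
    return b"\x00\x01" + padding + b"\x00" + message


def compare_inputs(algo: str, data: bytes, k: int = 256) -> dict:
    """Why the question's two methods disagree: method 2 pads the raw digest
    (what `dgst -binary` wrote to the 'digest' file), method 1 pads the DER
    DigestInfo. k is the modulus size in bytes (assumed 2048-bit key)."""
    raw = hashlib.new(algo, data).digest()
    wrapped = digest_info(algo, data)
    return {
        "raw_len": len(raw),
        "digestinfo_len": len(wrapped),
        "blocks_differ": emsa_pkcs1_v15(raw, k) != emsa_pkcs1_v15(wrapped, k),
    }


if __name__ == "__main__":
    sample = b"constructed sample input, not a file from the page"  # constructed
    print(digest_info("sha1", sample).hex())
    print(compare_inputs("sha1", sample))
```

The DER output for SHA-256 begins with the fixed 19-byte prefix 3031300d060960864801650304020105000420 followed by the 32-byte digest, which is exactly the byte string the asn1parse step of the answer's script writes to the .dgst.asn1 file; for SHA-1 the prefix is 3021300906052b0e03021a05000414. Feeding that file to rsautl -sign is what makes the two signatures in the script identical, and feeding the bare digest is what makes the signatures in the question differ.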
