Verifying a file signature with openssl dgst


Problem description

I am signing packets in some Java code and I want to verify the signatures on a C server. I want to fork openssl for this purpose (can always use library functions later... when I know openssl can verify the signatures); however, it's failing to do so:

openssl dgst -verify cert.pem -signature file.sha1 file.data

  • All it says is "unable to load key file"
  • The certificate says:

    openssl verify cert.pem 
    
    cert.pem: /C=....
    error 20 at 0 depth lookup:unable to get local issuer certificate
    

    However, I specifically don't care about verifying the certificate, I want only to verify the signature for a given file!

    The output of openssl x509 -in cert.pem -noout -text is:

    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number:
                ...
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=...
            Validity
                Not Before: Feb  1 15:22:44 2010 GMT
                Not After : Jun 19 15:22:44 2037 GMT
            Subject: C=...
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):
                        00:cc:cc:f9:c7:3a:00:0f:07:90:55:d9:fb:a9:fe:
                        ...
                        32:cc:ee:7f:f2:01:c7:35:d2:b5:9b:35:dd:69:76:
                        00:a9
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha1WithRSAEncryption
            39:d6:2c:6b:6a:00:74:b5:81:c2:b8:60:d6:6b:54:11:41:8d:
            ...
            8f:3e:3f:5d:b3:f8:dd:5e
    

    Recommended answer

    openssl dgst -verify foo.pem expects that foo.pem contains the "raw" public key in PEM format. The raw format is an encoding of a SubjectPublicKeyInfo structure, which can be found within a certificate; but openssl dgst cannot process a complete certificate in one go.

    You must first extract the public key from the certificate:

    openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
    

    then use the key to verify the signature:

    openssl dgst -verify pubkey.pem -signature sigfile datafile
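
The answer's two steps wrapped into one function whose exit status a forking C server can check, with a tampered file as the negative case. This is an added example, not part of the original question or answer; the file names, the `/CN=demo-signer` subject, the payload and the SHA-256 digest are constructed for the demo, and it assumes an `openssl` binary on PATH.

```shell
#!/bin/sh
# Added example; file names, subject and payload are constructed for the demo.
# Assumes an `openssl` binary on PATH.

# verify_with_cert CERT SIGFILE DATAFILE [DIGEST]
# Extracts the SubjectPublicKeyInfo from CERT, then checks the signature.
# The certificate chain is deliberately not validated, as in the question.
# DIGEST must match what the signer used; it defaults to sha256 here.
# Returns 0 = signature good, 1 = signature bad, 2 = setup error
# (for example CERT is not a readable certificate).
verify_with_cert() {
    vc_pub=$(mktemp) || return 2
    if ! openssl x509 -pubkey -noout -in "$1" > "$vc_pub" 2>/dev/null; then
        rm -f "$vc_pub"; return 2
    fi
    # "|| :" keeps a failed verification from aborting callers that use set -e.
    vc_out=$(openssl dgst "-${4:-sha256}" -verify "$vc_pub" \
                 -signature "$2" "$3" 2>/dev/null) || :
    rm -f "$vc_pub"
    [ "$vc_out" = "Verified OK" ]
}

# make_fixture DIR: throwaway self-signed cert, data file, signature,
# and a modified copy of the data that the signature must not cover.
make_fixture() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
          -subj "/CN=demo-signer" -keyout key.pem -out cert.pem 2>/dev/null &&
      printf 'packet payload\n' > file.data &&
      openssl dgst -sha256 -sign key.pem -out file.sig file.data &&
      printf 'packet payl0ad\n' > tampered.data )
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" || { rm -rf "$d"; return 1; }
    for f in file.data tampered.data; do
        if verify_with_cert "$d/cert.pem" "$d/file.sig" "$d/$f"; then
            echo "$f: Verified OK"
        else
            echo "$f: verification failed"
        fi
    done
    rm -rf "$d"
}

demo
```

The digest passed as the fourth argument has to be the one the signer used; a mismatch is reported as a failed verification.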
    
