openssl命令行来验证签名 [英] openssl command line to verify the signature
问题描述
您好,我生成了一个密钥对,并使用私钥生成签名。
openssl rsautl -sign helloworld.txt -inkey aa.pem -out sig
但我无法验证签名与我public key:
openssl rsautl -verify -in helloworld.txt -inkey aa.pub -sigfile sig
我知道-sigfile已被弃用。一些来自openssl.org的在线文档是错误的。
我应该用什么命令用我的公钥验证sig?
我发现了两个解决你的问题的解决方案。
你可以使用rsautl:(私钥:my.key和公钥my-pub。 pem)
$ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt
为my.key输入密码短语:
$ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin
Bonjour
使用此方法,所有文档都包含在签名文件中,并由最终命令输出。
但在我的情况下,我的证书说:签名算法:sha1WithRSAEncryption。
所以我建议你使用标准的方式签署文档在4个步骤:(这种方法用于所有非对称电子签名为了不过度的签名文件和/或CPU使用)
- 创建要签名的文档摘要(发件人)
- 验证签名是否正确。
OpenSSL分两步执行此操作:$ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt
输入my.key的密码:
$ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt
已验证OK
使用此方法,您向收件人发送了两个文档:原始文件纯文本,签名文件签名摘要。注意:签名文件不包括整个文档!只有摘要。
Hi I have generated a key pair and used the private key to generate a signature.
openssl rsautl -sign -in helloworld.txt -inkey aa.pem -out sig
However I am unable to verify the signature with my public key:
openssl rsautl -verify -in helloworld.txt -inkey aa.pub -sigfile sig
I know there -sigfile is deprecated. and some of the online doc from openssl.org is wrong.
Whats the command I should use to verify the sig with my public key?
解决方案I found two solutions to your problem.
You can use rsautl that way: (with private key: my.key and public key my-pub.pem)
$ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt Enter pass phrase for my.key: $ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin Bonjour
With this method, all the document is included within the signature file and is outputted by the final command.
But in my case, my certificate says: Signature Algorithm: sha1WithRSAEncryption. So I would recommend you to use the standard way of signing document in 4 steps: (This method is used for all asymmetric electronic signatures in order not to overcharge the signature file and/or CPU usage)
- Create digest of document to sign (sender)
- Sign digest with private key (sender)
- Create digest of document to verify (recipient)
- Verify signature with public key (recipient)
OpenSSL does this in two steps:
$ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt Enter pass phrase for my.key: $ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt Verified OK
With this method, you sent the recipient two documents: the original file plain text, the signature file signed digest. Attention: the signature file does not include the whole document! Only the digest.
这篇关于openssl命令行来验证签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!