openssl命令行来验证签名 [英] openssl command line to verify the signature

问题描述

您好，我生成了一个密钥对，并使用私钥生成签名。

  openssl rsautl -sign helloworld.txt -inkey aa.pem -out sig 
  

但我无法验证签名与我public key：

  openssl rsautl -verify -in helloworld.txt -inkey aa.pub -sigfile sig 
  

我知道-sigfile已被弃用。一些来自openssl.org的在线文档是错误的。

我应该用什么命令用我的公钥验证sig？

解决方案

我发现了两个解决你的问题的解决方案。

你可以使用rsautl：（私钥：my.key和公钥my-pub。 pem）

  $ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt 
为my.key输入密码短语：
 $ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin 
 Bonjour 
  
 
 
 
使用此方法，所有文档都包含在签名文件中，并由最终命令输出。
 
 
 
但在我的情况下，我的证书说：签名算法：sha1WithRSAEncryption。 
所以我建议你使用标准的方式签署文档在4个步骤:(这种方法用于所有非对称电子签名为了不过度的签名文件和/或CPU使用）
 
 
创建要签名的文档摘要（发件人）
  
 
  
 
 
验证签名是否正确。   
 
  
 OpenSSL分两步执行此操作：
  $ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt 
输入my.key的密码：
 $ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt 
已验证OK 
  
使用此方法，您向收件人发送了两个文档：原始文件纯文本，签名文件签名摘要。注意：签名文件不包括整个文档！只有摘要。
 
Hi I have generated a key pair and used the private key to generate a signature.
openssl rsautl -sign -in helloworld.txt -inkey aa.pem -out sig
However I am unable to verify the signature with my public key:
openssl rsautl -verify -in helloworld.txt -inkey aa.pub -sigfile sig
I know there -sigfile is deprecated. and some of the online doc from openssl.org is wrong. 

Whats the command I should use to verify the sig with my public key?
解决方案
I found two solutions to your problem.

You can use rsautl that way: (with private key: my.key and public key my-pub.pem)
$ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt
Enter pass phrase for my.key:
$ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin
Bonjour
With this method, all the document is included within the signature file and is outputted by the final command.

But in my case, my certificate says: Signature Algorithm: sha1WithRSAEncryption.
So I would recommend you to use the standard way of signing document in 4 steps: (This method is used for all asymmetric electronic signatures in order not to overcharge the signature file and/or CPU usage)

Create digest of document to sign (sender)
Sign digest with private key (sender)
Create digest of document to verify (recipient)
Verify signature with public key (recipient)
OpenSSL does this in two steps: 
$ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt 
Enter pass phrase for my.key:
$ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt  
Verified OK
With this method, you sent the recipient two documents: the original file plain text, the signature file signed digest. Attention: the signature file does not include the whole document! Only the digest.

                        
这篇关于openssl命令行来验证签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！