dgst验证文件签名

dgst验证文件签名

本文介绍了使用openssl dgst验证文件签名的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在一些Java代码中签名数据包,我想验证C服务器上的签名。我想fork openssl为此目的(总是可以使用库函数后...当我知道openssl可以验证签名);但是,它没有这样做:

I am signing packets in some Java code and I want to verify the signatures on a C server. I want to fork openssl for this purpose (can always use library functions later... when I know openssl can verify the signatures); however, it's failing to do so:

openssl dgst -verify cert.pem -signature file.sha1 file.data




  • 所有内容都是 无法加载密钥文件

    证书说明:

    openssl verify cert.pem
    
    cert.pem: /C=....
    error 20 at 0 depth lookup:unable to get local issuer certificate
    

    但是,我特别不在乎验证证书,我只想验证签名给定文件!

    However, I specifically don't care about verifying the certificate, I want only to verify the signature for a given file!

    openssl x509 -in cert.pem -noout -text 的输出是: p>

    The output of openssl x509 -in cert.pem -noout -text is:

    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number:
                ...
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=...
            Validity
                Not Before: Feb  1 15:22:44 2010 GMT
                Not After : Jun 19 15:22:44 2037 GMT
            Subject: C=...
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):
                        00:cc:cc:f9:c7:3a:00:0f:07:90:55:d9:fb:a9:fe:
                        ...
                        32:cc:ee:7f:f2:01:c7:35:d2:b5:9b:35:dd:69:76:
                        00:a9
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha1WithRSAEncryption
            39:d6:2c:6b:6a:00:74:b5:81:c2:b8:60:d6:6b:54:11:41:8d:
            ...
            8f:3e:3f:5d:b3:f8:dd:5e
    


    推荐答案

    openssl dgst -verify foo.pem 预期 foo.pem 包含PEM格式的原始公钥。原始格式是 SubjectPublicKeyInfo 结构的编码,可以在证书中找到;但 openssl dgst 无法一次处理完整的证书。

    openssl dgst -verify foo.pem expects that foo.pem contains the "raw" public key in PEM format. The raw format is an encoding of a SubjectPublicKeyInfo structure, which can be found within a certificate; but openssl dgst cannot process a complete certificate in one go.

    您必须先从证书中提取公钥:

    You must first extract the public key from the certificate:

    openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
    

    然后使用键验证签名:

    openssl dgst -verify pubkey.pem -signature sigfile datafile
    

    这篇关于使用openssl dgst验证文件签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-25 20:35