Openssl pkeyutl 期望什么格式的签名?
我正在尝试验证通过使用 SHA-1 进行哈希签名并使用 RSA 私钥对哈希进行加密来签名的文件。
显然我正在使用 RSA 公钥进行验证。密钥采用 DER 格式。
使用 Java 的 Signature 类可以正确进行签名验证。
我正在尝试的 openssl 命令(以及结果)是:
~/Downloads/openssl-1.0.0-beta3/apps/openssl pkeyutl -in encryptedZip.bin
-keyform DER -verify -sigfile savedDigitalSignature.txt -pubin -inkey public.der
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Signature Verification Failure
我在 openssl 配置文件中没有看到任何适用的内容,因此我认为该警告并不重要。
saveDigitalSignature.txt 文件包含签名字节。
我的理论是 openssl 正在寻找某种特定文件格式的数字签名,但我没有在文档中找到任何指示它应该是什么的内容。
想法?
I'm trying to verify a file that was signed by hashing with SHA-1 and encrypting the hash with an RSA private key.
Obviously I'm using the RSA public key to verify. The key is in DER format.
The signature verification works correctly using Java's Signature class.
The openssl command I'm trying (and the result) is:
~/Downloads/openssl-1.0.0-beta3/apps/openssl pkeyutl -in encryptedZip.bin
-keyform DER -verify -sigfile savedDigitalSignature.txt -pubin -inkey public.der
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Signature Verification Failure
I don't see anything in the openssl configuration file that would apply, so I don't think that warning is significant.
The savedDigitalSignature.txt file contains the signature bytes.
My theory is that openssl is looking for the digital signature to be in some specific file format, but I haven't found anything in the documentation indicating what that should be.
Thoughts?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这个命令的级别非常低。您必须确保所有内容都采用正确的格式才能正常工作,
This command is very low level. You have to make sure everything is in the right format for it to work,
我还没有使用过 OpenSSL-1.0.0-beta3,所以对
pkeyutl不太熟悉,但是dgst命令也可以生成并验证数字签名,而且它期望签名是简单的、完全不加修饰的二进制。例如,对于 RSA 签名,它需要一个代表单个 BigNum 的二进制 blob。查看 pkeyutl 的手动页面,似乎它的工作方式是相同的。一个简单的测试是使用 pkeyutl 签署某些内容,并检查输出(如果位大小与 RSA 密钥长度相同,则它是一个普通的 BigNum - 如果它更大,请尝试使用 dumpasn1 来查看它是否为 DER 格式)。
I haven't used OpenSSL-1.0.0-beta3 yet, so I'm not familiar with
pkeyutl, but thedgstcommand also generates and verifies digital signatures, and it expects signatures to be in plain, completely unadorned binary.Eg, for an RSA signature, it expects a binary blob representing a single BigNum. Looking at the maual page for pkeyutl, it seems likely that it works the same way. An easy test would be to use pkeyutl to sign something, and inspect the output (if the size in bits is the same as your RSA key length, it's a plain BigNum - if it's bigger, try using dumpasn1 to see if its a DER format).
Java 期望 RSA 签名遵循 PKCS #1:摘要算法和摘要的序列,然后进行签名(使用 RSA 私钥加密)。
pkeyutl 可能只期望摘要,而不是 ASN.1 结构,但这将令人惊讶地忽视互操作性。在任何一种情况下,一旦数据被“签名”,“签名”输出将看起来类似......只是一个随机的八位位组字符串。
请发布由
pkeyutl生成的示例签名,以及用于验证它的公钥以及要验证的文件。Java expects an RSA signature to follow PKCS #1: a sequence of the digest algorithm and the digest, then signed (encrypted with the RSA private key).
It may be that
pkeyutlis expecting only the digest, not an ASN.1 structure, but that would be a surprising disregard for interoperability. In either case, once the data is "signed", the "signature" output will appear similar…just a random string of octets.Please post a sample signature generated by
pkeyutl, together with a public key that will verify it, and the file to be verified.