Using OpenSSL Command Line Apps To Generate Signed Digests

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Using OpenSSL Command Line Apps To Generate Signed Digests

Diffenderfer, Randy
Using OpenSSL Command Line Apps To Generate Signed Digests

Folks,

I am trying to work out a string of command line things that can deal with signatures and any/all intermediate objects.

Using the 'dgst' app, I can generate a digest and a signed digest in either hex or binary with no problem.  Given a canonical text file, I can reproduce the digest that I abstract from the PKCS7 structure I generate by using the 'smime' app to create a signed email object.  That's all fine in that direction.

However, when I try to reverse this operation, I don't have the same success.  Given the binary signature bits from a PKCS7 object, I'd like to be able to recover the digest.  I have any/all keys in any/all variations… :-)  Using the 'rsautl' app has not gotten me anywhere.

I also have had no joy in figuring out how to use the 'rsautl' app to "sign" (encrypt, as I understand it) a digest created by 'dgst'.

I have looked in the archives, but didn't see anything on point to what I'm trying to do.

Thanks,
rnd

Reply | Threaded
Open this post in threaded view
|

FW: Using OpenSSL Command Line Apps To Generate Signed Digests

Diffenderfer, Randy
FW: Using OpenSSL Command Line Apps To Generate Signed Digests

Heh,

Figures…  My first post is adequately explained… in the man pages of 'rsautl':

       The signature can be analysed with:

        openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

The surprise (to me) was that *an ASN1 structure* was what was encoded, not just the raw digest info.  Hadn't run across the DigestInfo structure before in my travels.  Now I know.

Hope this helps the next n00b! :-)

rnd

 -----Original Message-----
From:   Diffenderfer, Randy 
Sent:   Thursday, March 16, 2006 11:29 AM
To:     '[hidden email]'
Subject:        Using OpenSSL Command Line Apps To Generate Signed Digests

Folks,

I am trying to work out a string of command line things that can deal with signatures and any/all intermediate objects.

Using the 'dgst' app, I can generate a digest and a signed digest in either hex or binary with no problem.  Given a canonical text file, I can reproduce the digest that I abstract from the PKCS7 structure I generate by using the 'smime' app to create a signed email object.  That's all fine in that direction.

However, when I try to reverse this operation, I don't have the same success.  Given the binary signature bits from a PKCS7 object, I'd like to be able to recover the digest.  I have any/all keys in any/all variations… :-)  Using the 'rsautl' app has not gotten me anywhere.

I also have had no joy in figuring out how to use the 'rsautl' app to "sign" (encrypt, as I understand it) a digest created by 'dgst'.

I have looked in the archives, but didn't see anything on point to what I'm trying to do.

Thanks,
rnd