What am I missing here?

What am I missing here?

David Gianndrea
I'm trying to generate sha1 digests of some config files using
a private key, and then use the verify option and the public
key to confirm the signed digest file. Here are the 2 commands
I used.

c:\apache\bin\openssl dgst -sha1 -out c:\apache\sigs\httpd.conf.sha1
-sign c:\apache\sigs\sigs.dat -passin pass:somepassword
c:\apache\conf\httpd.conf

then

c:\apache\bin\openssl dgst -sha1 -verify c:\apache\sigs\sigs.crt
-signature c:\apache\sigs\httpd.conf.sha1 c:\apache\conf\httpd.conf

every time I try to do the verify it complains that...

C:\Apache\sigs>c:\apache\bin\openssl dgst -sha1 -d  -verify
c:\apache\sigs\sigs.crt -signature c:\apache\sigs\httpd.conf.sha1
   c:\apache\conf\httpd.conf
unable to load key file
BIO[00901800]:Free - FILE pointer


This sounds like I don't understand something about the -verify
option. If I use the private key it works as expected. The only other
thing that I can think of that may be mucking up the works is that
this is a self-signed cert.

Clues?


--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.

Email:   [hidden email]
Web:     www.comsquared.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: What am I missing here?

Dr. Stephen Henson
On Mon, Jan 16, 2006, David Gianndrea wrote:

> I'm trying to generate sha1 digests of some config files using
> a private key, and then use the verify option and the public
> key to confirm the signed digest file. Here are the 2 commands
> I used.
>
> c:\apache\bin\openssl dgst -sha1 -out c:\apache\sigs\httpd.conf.sha1
> -sign c:\apache\sigs\sigs.dat -passin pass:somepassword
> c:\apache\conf\httpd.conf
>
> then
>
> c:\apache\bin\openssl dgst -sha1 -verify c:\apache\sigs\sigs.crt
> -signature c:\apache\sigs\httpd.conf.sha1 c:\apache\conf\httpd.conf
>
> every time I try to do the verify it complains that...
>
> C:\Apache\sigs>c:\apache\bin\openssl dgst -sha1 -d  -verify
> c:\apache\sigs\sigs.crt -signature c:\apache\sigs\httpd.conf.sha1
>   c:\apache\conf\httpd.conf
> unable to load key file
> BIO[00901800]:Free - FILE pointer
>
>
> This sounds like I don't understand something about the -verify
> option. If I use the private key it works as expected. The only other
> thing that I can think of that may be mucking up the works is that
> this is a self-signed cert.
>
>

The -verify option uses public keys not certificates. You can extract
the public key from a certificate using the 'x509' utility.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
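
The sign, extract, verify sequence from this thread as an added example (not part of either message), written for a POSIX shell; the openssl arguments are the same under cmd.exe. Assumptions: all file names and the sample config are constructed, the throwaway key is unencrypted so no -passin is needed, and -sha256 is used in place of the post's -sha1.

```shell
#!/bin/sh
# Added example. All file names and the sample config are constructed.

setup_demo() {   # $1 = work dir: throwaway key, self-signed cert, sample config
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sigs-demo" \
        -keyout "$1/sigs.key" -out "$1/sigs.crt" 2>/dev/null
    printf 'ServerName example.invalid\nListen 80\n' > "$1/httpd.conf"
}

sign_file() {    # sign with the private key (the post's first command, with -sha256)
    openssl dgst -sha256 -sign "$1/sigs.key" -out "$1/httpd.conf.sig" "$1/httpd.conf"
}

extract_pubkey() {   # the step from the reply: certificate -> bare public key (PEM)
    openssl x509 -in "$1/sigs.crt" -pubkey -noout > "$1/sigs.pub"
}

verify_file() {  # $2 = public key file; exit status 0 only if the signature matches
    openssl dgst -sha256 -verify "$2" -signature "$1/httpd.conf.sig" \
        "$1/httpd.conf" >/dev/null 2>&1
}

run_demo() {
    d=$(mktemp -d) || return 1
    setup_demo "$d" && sign_file "$d" && extract_pubkey "$d" || return 1
    # -verify is given sigs.pub, not sigs.crt (the certificate caused the error above)
    verify_file "$d" "$d/sigs.pub" && echo "unmodified file: Verified OK"
    # Any later change to the config must make verification fail
    printf '# unauthorized edit\n' >> "$d/httpd.conf"
    verify_file "$d" "$d/sigs.pub" || echo "modified file: Verification Failure"
    rm -rf "$d"
}

run_demo
```

The verification result is in the exit status of `openssl dgst -verify`, so a scheduled integrity check can branch on it directly.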