hex digest won't verify

hex digest won't verify

Lloyd Brown
Hey all,

Is it possible to use openssl dgst to generate and verify digests in hex
format?  I've been trying it for some time, and I can't figure it out.  
I can generate the digest in hex format without any problem, but I can't
get it to verify (syntax examples below).

Generate the digest:
lbrown@dsss:~$ openssl dgst -hex -sha512 -sign /opt/dsss/keys/rsa.key.2048 -out /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c

Verify:
lbrown@dsss:~$ openssl dgst -hex -sha512 -verify /opt/dsss/keys/rsa.key.2048.pub -signature /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c
Verification Failure

or:
lbrown@dsss:~$ openssl dgst -sha512 -verify /opt/dsss/keys/rsa.key.2048.pub -signature /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c
Verification Failure

The similar syntax works if I leave out the '-hex' all the time, meaning
binary digests.  However, it's going to be a little difficult to use
binary digests for my application.

Any ideas?

Thanks,
Lloyd Brown
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: hex digest won't verify

Dr. Stephen Henson
On Mon, Nov 14, 2005, Lloyd Brown wrote:

> Hey all,
>
> Is it possible to use openssl dgst to generate and verify digests in hex
> format?  I've been trying it for some time, and I can't figure it out.  
> I can generate the digest in hex format without any problem, but I can't
> get it to verify (syntax examples below).
>
> Generate the digest:
> lbrown@dsss:~$ openssl dgst -hex -sha512 -sign /opt/dsss/keys/rsa.key.2048 -out /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c
>
> Verify:
> lbrown@dsss:~$ openssl dgst -hex -sha512 -verify /opt/dsss/keys/rsa.key.2048.pub -signature /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c
> Verification Failure
>
> or:
> lbrown@dsss:~$ openssl dgst -sha512 -verify /opt/dsss/keys/rsa.key.2048.pub -signature /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c
> Verification Failure
>
> The similar syntax works if I leave out the '-hex' all the time, meaning
> binary digests.  However, it's going to be a little difficult to use
> binary digests for my application.
>

The -hex option is currently output only, so it won't work at present if you
input a signature in hex format.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
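
Added example, not part of the original thread and not OpenSSL project code: because -hex only affects output, a hex signature has to be converted back to raw bytes before -signature will accept it. The function names are hypothetical, and the handling of a "NAME(file)= " prefix assumes the text layout that openssl dgst -hex writes.

```shell
#!/bin/sh
# Added example: verify a signature that was stored as hex text.
# hexsig_to_bin and verify_hex_sig are hypothetical helper names.

# hexsig_to_bin HEXFILE BINFILE
# Convert the text written by `openssl dgst -hex -sign ...` into the raw
# signature bytes that `openssl dgst -verify ... -signature` reads.
hexsig_to_bin() {
    # Assumed layout: optional "NAME(file)= " prefix, then hex digits.
    # The greedy match keeps only what follows the last "= ".
    hex=$(sed 's/^.*= //' "$1" | tr -d ' \r\n')
    # Refuse empty, non-hex or odd-length input instead of writing a
    # truncated signature file.
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    : > "$2"
    while [ -n "$hex" ]; do
        rest=${hex#??}          # everything after the first two digits
        byte=${hex%"$rest"}     # the first two digits
        # Emit one byte through an octal escape (works for NUL as well).
        printf "\\$(printf '%03o' "0x$byte")" >> "$2"
        hex=$rest
    done
}

# verify_hex_sig PUBKEY HEXSIG DATAFILE
# Returns 0 only if the hex file decodes cleanly and the signature verifies.
verify_hex_sig() {
    tmp=$(mktemp) || return 1
    rc=0
    if hexsig_to_bin "$2" "$tmp"; then
        # -sha512 matches the digest used in the thread; no -hex here.
        openssl dgst -sha512 -verify "$1" -signature "$tmp" "$3" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

With the paths from the thread, the call would be: verify_hex_sig /opt/dsss/keys/rsa.key.2048.pub /tmp/tmp_sig /opt/dsss/datafiles/WRave2gif.c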