dgst can not verify files signed with -hex or -c -hex, only binary, and only one file at a time

Fri, 27 Aug 2004 08:04:29 -0700 

Running these 2 commands does work
        openssl dgst -out ud -sign rsakey.pem README
        openssl dgst -verify rsapub.pem -signature ud README
output is
        Verified OK

but with -hex it complains
        openssl dgst -hex -out ud.hex -sign rsakey.pem README
        openssl dgst -verify rsapub.pem -signature ud.hex README
output is
        Verification Failure
trying with -hex in verify fails as well
        openssl dgst -hex -verify rsapub.pem -signature ud.hex README
output is
        Verification Failure

trying with -x and -hex makes no difference
        openssl dgst -c -hex -out ud.chex -sign rsakey.pem README
        openssl dgst -c -hex -verify rsapub.pem -signature ud.chex README
        Verification Failure
        openssl dgst -hex -verify rsapub.pem -signature ud.chex README
        Verification Failure
        openssl dgst -verify rsapub.pem -signature ud.chex README
        Verification Failure
        openssl dgst -c -verify rsapub.pem -signature ud.chex README
        Verification Failure

but okay, i can live with binary output, but i would like to be able to sign multiple files.
openssl dgst -out ud -sign rsakey.pem README sign1
openssl dgst -verify rsapub.pem -signature ud README sign1
output is
Verified OK
Verification Failure
I understand this as verification of the sign on README worked, but not sign1

It does not matter if i add more files. It doesnt matter if they are binary or not.


I would prefer to use hex format, because then i can see what file names was signed.

My openssl package is 0.9.7d-4 from debian sarge. But i have also downloaded
ftp://ftp.openssl.org/source/openssl-0.9.7d.tar.gz
When i unpack with tar -zxf openssl-0.9.7d.tar.gz then it says:
tar: Read 4608 bytes from openssl-0.9.7d.tar.gz
But after a compile it makes no difference, the result is as described above.

So, am i doing anything wrong, or is there a bug in openssl?
Can i translate the -c - hex or -hex output to a binary file before i verify that?
If so, how do i do that?



JonB

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to