On 30 Mar 2011, at 12:02 PM, luis hernandez wrote: > Thanks Wim, > > i know that cer pem files have the public key in it like: > > -----BEGIN PUBLIC KEY----- > MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD0ltQNthUNUfzq0t1GpIyapjz... > -----END PUBLIC KEY----- > -----BEGIN CERTIFICATE----- > MIIE/TCCA+WgAwIBAgIUMzAwMDEwMDAwMDAxMDAwMDA4MDAwDQYJKoZIhvcNAQEF... > -----END CERTIFICATE----- > > but what i receive is: > signedstring:ki987jjhfw84hf7ewh9f497fe9hihfw87yr79g23hfd937f237fg327f2... > certificate:MIIE/TCCA+WgAwIBAgIUMzAwMDEwMDAwMDAxMDAwMDA4MDAwDQYJKoZIhvcNAQEF... > some other data... > > so from that can i verify the signed string?
You should be able to either base64-decode the "certificate" text to get a certificate in DER format, or you could surround it by BEGIN/END CERTIFICATE lines to get a certificate in PEM format. Even though your .cer files have both a PUBLIC KEY blob and a CERTIFICATE blob, the certificate blob includes all the public-key information needed to verify a message. In effect, a certificate is a copy of your public key that's been signed by the certificate authority. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org