The result of my weekend reading is the following command, which could pretty nicely do the thing for me:

    openssl sha1 -verify rsa_public_key.pem -signature rsa_signature.bin data_for_digest_computation.txt

the questions would be:

- how to split x509 pem certificate with embedded encrypted digest (Signature Alg: sha1RsaEncrypted) into:
  - rsa_signature.bin
  - data_for_digest_computation.txt

  as expected by the above command written in bold

in other words

- how to convert hex dump of the signature, which is embedded in the pem certificate (I hope it is this part of the pem certificate):

      Signature Algorithm: sha1WithRSAEncryption
          88:a9:c6:1f:a3:3e:6a:72:19:54:ee:f4:a6:d5:be:26:da:08:
          6b:34:99:b5:67:4b:1e:86:64:3f:4f:c8:0d:e7:f2:83:88:c7:
          a5:7e:07:b0:16:bf:69:55:c9:28:55:b0:6e:f5:aa:76:1e:f5:
          d8:67:02:fa:0d:ac:92:2b:62:fc:45:04:eb:f5:5f:94:d4:d1:
          b3:fa:de:21:5f:88:4b:69:6b:a3:df:6b:50:8e:27:c6:18:19:
          ec:12:98:6a:c2:d1:66:4e:cc:b8:33:5d:cf:48:7d:06:7d:7f:
          10:6a:c8:9a:fe:e2:65:35:aa:88:59:89:09:6b:49:b9:33:29:
          e2:67

  into the form expected by command written in bold (rsa_signature.bin)
- how to separate from pem certificate the data on which the signature was computed into the form expected by command written in bold (data_for_digest_computation.txt)

If anyone knows any better way to do the above with openssl command line tool, please let me know,

regards,
Mike

DarkMike wrote:
>
> Hi all,
>
> I would like to do the following with openssl command line tool:
>
> 1. Create CA
> 2. Create Client
> 3. Verify Client in One Way Authentication (OWA)
>
> Now, I have successfully done the first 2 steps using:
>
> ./CA.sh -newca
> ./CA.sh -newreq
> ./CA.sh -sign
>
> I have got private and public keys for both sides CA and Client,
> as a part of OWA procedure the third side device called Server gets Client
> certificate.
>
> Server needs to:
>
> - extract sha1 hash signed with Client private RSA key (Signature Alg:
> sha1RsaEncrypted) from the certificate
> - decrypt sha1 hash using Client public RSA key
> - regenerate sha1 hash on the original message to check if it is correct
>
> Once I have got familiar with the OWA I thought the above are some of the most
> common things
> anyone will want to do with openssl, however google is unable to find any
> examples for it so far.
>
> What openssl commands will do the above things for me?
>
> It would also help me a lot to know the routines I need to use to do the
> same from within C program.
> Any help would be much appreciated.
>
> regards,
> Mike
>

--
View this message in context: http://old.nabble.com/Extracting-and-verifying-encrypted-certificate-digest-tp31987195p31987327.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
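
The split asked about in this thread, as an added example that is not part of the original messages: `openssl asn1parse` writes out the signed bytes (the DER of tbsCertificate) and the raw signature, and `openssl dgst -verify` checks them against the public key of the certificate's issuer, which is the key that signs a certificate. The function names, file names and throwaway demo CA are constructed for illustration, and the demo signs with SHA-256 rather than the thread's SHA-1; pass `sha1` as the third argument for a sha1WithRSAEncryption certificate.

```shell
#!/usr/bin/env bash
# Added example. File names, subjects and the demo PKI are constructed.

# Create a throwaway CA and a client certificate signed by it in directory $1.
make_demo_pki() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 1 -out "$d/client.pem" 2>/dev/null
}

# verify_cert_signature CERT.pem ISSUER.pem [DIGEST]
# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
# Returns 0 only if signatureValue is a valid signature over tbsCertificate.
verify_cert_signature() {
    local cert="$1" issuer="$2" md="${3:-sha256}"
    local tmp offs tbs_off sig_off rc
    tmp=$(mktemp -d) || return 2
    # Offsets of the three depth-1 elements inside the outer SEQUENCE.
    offs=$(openssl asn1parse -in "$cert" | awk -F: '/d=1 /{print $1+0}')
    tbs_off=$(echo "$offs" | sed -n 1p)
    sig_off=$(echo "$offs" | sed -n 3p)
    # Signed bytes: the complete DER of tbsCertificate, header included.
    openssl asn1parse -in "$cert" -strparse "$tbs_off" -noout -out "$tmp/tbs.der"
    # Signature: contents of the trailing BIT STRING (the raw RSA block).
    openssl asn1parse -in "$cert" -strparse "$sig_off" -noout -out "$tmp/sig.bin"
    # A certificate is signed by its issuer, so take the issuer's public key.
    openssl x509 -in "$issuer" -pubkey -noout > "$tmp/pub.pem"
    openssl dgst "-$md" -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" \
        "$tmp/tbs.der" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo=$(mktemp -d)
make_demo_pki "$demo"
verify_cert_signature "$demo/client.pem" "$demo/ca.pem" && echo "signature OK"
```

Checking the client certificate against the client's own public key fails, because the signature over tbsCertificate was produced with the CA's private key.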