The result of my weekend reading is the following command,
which could pretty nicely do the thing for me:

    openssl sha1 -verify rsa_public_key.pem -signature rsa_signature.bin data_for_digest_computation.txt

the questions would be:

- how to split x509 pem certificate with embedded encrypted digest
(Signature Alg: sha1RsaEncrypted)
  into:
  - rsa_signature.bin
  - data_for_digest_computation.txt
  as expected by the above command written in bold

in other words

- how to convert hex dump of the signature, which is embedded in the pem
certificate
  (I hope it is this part of the pem certificate):

    Signature Algorithm: sha1WithRSAEncryption
        88:a9:c6:1f:a3:3e:6a:72:19:54:ee:f4:a6:d5:be:26:da:08:
        6b:34:99:b5:67:4b:1e:86:64:3f:4f:c8:0d:e7:f2:83:88:c7:
        a5:7e:07:b0:16:bf:69:55:c9:28:55:b0:6e:f5:aa:76:1e:f5:
        d8:67:02:fa:0d:ac:92:2b:62:fc:45:04:eb:f5:5f:94:d4:d1:
        b3:fa:de:21:5f:88:4b:69:6b:a3:df:6b:50:8e:27:c6:18:19:
        ec:12:98:6a:c2:d1:66:4e:cc:b8:33:5d:cf:48:7d:06:7d:7f:
        10:6a:c8:9a:fe:e2:65:35:aa:88:59:89:09:6b:49:b9:33:29:
        e2:67

  into the form expected by command written in bold (rsa_signature.bin)

- how to separate from pem certificate the data on which the signature was
computed
  into the form expected by command written in bold
(data_for_digest_computation.txt)

If anyone knows any better way to do the above with openssl command line
tool, please let me know,

regards,
Mike


DarkMike wrote:
> 
> Hi all,
> 
> I would like to do the following with openssl command line tool:
> 
> 1. Create CA
> 2. Create Client
> 3. Verify Client in One Way Authentication (OWA)
> 
> Now, I have successfully done the first 2 steps using:
> 
> ./CA.sh -newca
> ./CA.sh -newreq
> ./CA.sh -sign
> 
> I have got private and public keys for both sides CA and Client,
> as a part of OWA procedure the third side device called Server gets Client
> certificate.
> 
> Server needs to:
> 
> - extract sha1 hash signed with Client private RSA key (Signature Alg:
> sha1RsaEncrypted) from the certificate
> - decrypt sha1 hash using Client public RSA key
> - regenerate sha1 hash on the original message to check if it is correct
> 
> Once I have got familiar with the OWA I thought the above are some of the most
> common things
> anyone will want to do with openssl, however google is unable to find any
> examples for it so far.
> 
> What openssl commands will do the above things for me?
> 
> It would also help me a lot to know the routines I need to use to do the
> same from within C program.
> Any help would be much appreciated.
> 
> regards,
> Mike
> 

-- 
View this message in context: 
http://old.nabble.com/Extracting-and-verifying-encrypted-certificate-digest-tp31987195p31987327.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
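
The split asked about above, as an added example in Python (not code from the original post or from OpenSSL): a certificate is a DER SEQUENCE of tbsCertificate, signatureAlgorithm and signatureValue, so the hashed bytes are the whole tbsCertificate element and the signature is the BIT STRING content after its unused-bits octet. The function names and the constructed sample (with filler signature bytes) are assumptions for illustration.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, content_start, end) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0      # long form: n length octets follow
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    start = pos + 2 + n
    if first == 0x80 or start + length > len(buf):
        raise ValueError("indefinite or truncated DER element")
    return tag, start, start + length

def pem_to_der(pem):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def split_certificate(der):
    """Return (tbs_der, signature) from Certificate ::= SEQUENCE {tbs, alg, sig}."""
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    parts = []
    while pos < end:
        tag, start, stop = read_tlv(der, pos)
        parts.append((tag, der[pos:stop], der[start:stop]))
        pos = stop
    if [p[0] for p in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("unexpected Certificate layout")
    bits = parts[2][2]
    if bits[:1] != b"\x00":                      # first octet counts unused bits
        raise ValueError("signature BIT STRING has unused bits")
    # The signed data is the complete tbsCertificate element, header included.
    return parts[0][1], bits[1:]

def _tlv(tag, content):                          # DER encoder, used only for the sample
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def constructed_sample():                        # constructed stand-in, not a real certificate
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, bytes(300)))
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010105")) + b"\x05\x00")
    sig = bytes(range(128))                      # filler bytes in place of an RSA signature
    der = _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + sig))
    pem = "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
    return pem, tbs, sig
```

Writing the two return values to data_for_digest_computation.txt and rsa_signature.bin gives the inputs of the `openssl sha1 -verify` command above. The public key passed to `-verify` has to be the issuer's (the CA's), because a certificate is signed by its issuer.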