Hello,
I am using the dgst command to sign a file, I'm also using the -hmac
option. I then want to verify the signature by decrypting it and
checking the hash. The problem is the hash never seems to match.
For example, if i sign the string "foo" I get the hash below
$ echo foo | openssl dgst -sha512 -hmac bar
3e45850d52569540b8c162069831869e867dc46efb753ec0dac42c7a88b14f6a56e1ce54b1b75564acf056d5faedd82f859b8bf8430a7b275704de3651f07eee
However, if I do the same thing, but sign it and then decrypt it, I
get a completely different hash
$ echo foo | openssl dgst -sha512 -hmac bar -sign priv | openssl
rsautl -verify -inkey priv | openssl asn1parse -inform DER
0:d=0 hl=2 l= 81 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT:sha512
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 64 prim: OCTET STRING [HEX
DUMP]:DEEF13827724A82A7FAA3C89F46145A41FE983380B5479A9488A9C7728557BCAF96FE2DE6A1CFFC38384F4160D446BD51E82098BDD1B55A1B1EA49B9A8B2C199
If I don't use the hmac option then the hashes are always the same.
$ echo foo | openssl dgst -sha512
0cf9180a764aba863a67b6d72f0918bc131c6772642cb2dce5a34f0a702f9470ddc2bf125c12198b1995c233c34b4afd346c54a2334c350a948a51b6e8b4e6b6
$ echo foo | openssl dgst -sha512 -sign priv | openssl rsautl -verify -
inkey priv | openssl asn1parse -inform DER
0:d=0 hl=2 l= 81 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT:sha512
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 64 prim: OCTET STRING [HEX DUMP]:
0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
I know I could verify the signature using the -verify option of the
dgst command (which works). But the project I'm working on is unable
to use openssl for the verification part. So I need to hash that
openssl generates to be something predictable.
I'm using OpenSSL 0.9.8k 25 Mar 2009, on linux
Any help would be appreciated
Toby
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org