Introduction

This article explains how to check the signature of a file signed with an X.509 certificate from the command line using OpenSSL.

The examples use EC Private Keys only.

How to create a Signature for a File

Signing a File with a Private Key

This step is performed by the signer of a file.

In the below example the test.txt file is signed with the privatekey.pem Private Key file. The resulting binary signature is stored to the test.txt.sig file.

The signer will make available the Certificate/Public Key and signature file to 3rd parties.

Code Block
openssl dgst -sign privatekey.pem -keyform pem -sha256 -out test.txt.sig -binary test.txt

How to check the Signature of a File

Extracting the Public Key from the X.509 Certificate

This step is performed by a user who wants to verify the authenticity of a file from its signature.

To check a signature with OpenSSL use the Public Key that is related to the Private Key the given file was signed with. From the given certificate.pem X.509 certificate file extract the Public Key to the publickey.pem file.

Code Block
openssl x509 -in certificate.pem -noout -pubkey > publickey.pem

Checking the Signature by use of the Public Key

In this step the publickey.pem Public Key file is used to check if the test.txt.sig signature file matches the test.txt file.

Code Block
openssl dgst -verify publickey.pem -keyform pem -sha256 -signature test.txt.sig -binary test.txt

Possible results include

  • Verified OK
    • The Public Key and signature for the signed file match.
  • Verification Failure
    • The Public Key and signature for the signed file do not match.
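The whole procedure above (sign, extract the Public Key from the certificate, verify) run end to end as an added example that is not part of the original page; it also shows the Verification Failure result on a tampered copy of the file. It assumes openssl is on PATH; the EC key, the self-signed certificate, the file names and the file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): the page's sign / extract / verify
# procedure run end to end, plus the failure case on a tampered file.
# Assumes openssl is on PATH. Key, certificate and input file are constructed here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Signer material (constructed): EC P-256 private key and a self-signed X.509 cert.
openssl ecparam -name prime256v1 -genkey -noout -out privatekey.pem
openssl req -new -x509 -key privatekey.pem -subj "/CN=demo-signer" -days 1 \
    -out certificate.pem

# Constructed input file that the signer publishes alongside its signature.
printf 'release artifact v1\n' > test.txt

# Signer side: SHA-256 digest of the file, signed with the private key, binary output.
sign_file() {
    openssl dgst -sign privatekey.pem -keyform pem -sha256 -out "$1.sig" -binary "$1"
}

# Verifier side: the public key is taken from the certificate, not from the signer.
extract_pubkey() {
    openssl x509 -in certificate.pem -noout -pubkey > publickey.pem
}

# Exit status 0 means "Verified OK", 1 means "Verification Failure" (openssl's own codes).
verify_file() {
    openssl dgst -verify publickey.pem -keyform pem -sha256 -signature "$1.sig" -binary "$1"
}

sign_file test.txt
extract_pubkey

# Untouched file: signature matches.
verify_file test.txt && GOOD=ok || GOOD=fail

# Tampered copy: one appended byte changes the digest, so the same signature fails.
cp test.txt tampered.txt
printf 'x' >> tampered.txt
cp test.txt.sig tampered.txt.sig
verify_file tampered.txt && TAMPER=ok || TAMPER=fail

echo "original: $GOOD, tampered: $TAMPER"   # original: ok, tampered: fail
```

Verified OK only shows that the signature matches the key contained in certificate.pem; whether that certificate itself is trusted (issuer chain, validity period, revocation) is a separate check, for example openssl verify against a CA bundle.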