Introduction

This document describes how to check an X.509 certificate used for signing from the command line with openssl. It also shows how to check the signature of a signed file with openssl.

The examples use EC keys only.

Extracting the Public Key from the X.509 Certificate

To check a signature with openssl, we need the public key that corresponds to the private key the file was signed with. We therefore extract the public key from the given X.509 certificate for later use.

openssl x509 -in /path/to/certificate.pem -noout -pubkey > /tmp/pubkey.pem

Signing a file with a Private Key

In this example, the file test.txt is signed with a private key and the (binary) signature is stored in the file signature.sig.

openssl dgst -sign private_key.pem -keyform PEM -sha256 -out signature.sig -binary test.txt

Check the signature with a public key

openssl dgst -verify user_pubkey.pem -keyform PEM -sha256 -signature signature.sig -binary test.txt
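
The three steps above as one run, as an added example that is not part of the original page. It creates a throwaway EC key and self-signed certificate in a temporary directory (constructed sample data; the curve prime256v1, the subject CN and the function names are assumptions), signs test.txt, verifies the signature with the public key extracted from the certificate, and shows verification failing once the file is changed.

```shell
#!/bin/sh
# Constructed end-to-end run: every key, certificate and file here is a
# throwaway sample created in a temporary directory.

# verify_with_cert CERT SIGNATURE FILE
# Extracts the public key from CERT and checks SIGNATURE over FILE.
# Returns 0 if the signature is valid, 2 if CERT cannot be parsed,
# and openssl's non-zero status if verification fails.
verify_with_cert() {
    cert=$1; sig=$2; file=$3
    pub=$(mktemp) || return 2
    if ! openssl x509 -in "$cert" -noout -pubkey > "$pub" 2>/dev/null; then
        rm -f "$pub"
        return 2
    fi
    rc=0
    openssl dgst -sha256 -verify "$pub" -signature "$sig" "$file" \
        >/dev/null 2>&1 || rc=$?
    rm -f "$pub"
    return "$rc"
}

# make_sample DIR
# Creates an EC private key, a self-signed certificate for it, a test file
# and the binary signature of that file inside DIR.
make_sample() {
    d=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/private_key.pem" &&
    openssl req -new -x509 -key "$d/private_key.pem" -subj "/CN=example-signer" \
        -days 1 -out "$d/certificate.pem" 2>/dev/null &&
    printf 'hello\n' > "$d/test.txt" &&
    openssl dgst -sha256 -sign "$d/private_key.pem" \
        -out "$d/signature.sig" "$d/test.txt"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || { rm -rf "$d"; return 1; }
    verify_with_cert "$d/certificate.pem" "$d/signature.sig" "$d/test.txt" \
        && echo "original file: signature valid"
    printf 'tampered\n' >> "$d/test.txt"   # any change to the file breaks the signature
    verify_with_cert "$d/certificate.pem" "$d/signature.sig" "$d/test.txt" \
        || echo "modified file: signature rejected"
    rm -rf "$d"
}
demo
```

In scripts, rely on the exit status of the verify step rather than on the text openssl prints.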

...