Page History
Table of Contents |
---|
Introduction
This document describes how to check a X.509 Certificate for signing from the command line with openssl. It also shows how to check a signature of a signed file with openssl.
The examples uses EC Keys only.
Extracting the Public Key from the X.509 Certificate
To check a signature with openssl we have to use the public key related to the private key the file was signed with. Therefore we have to extract the public key from the given X.509 certificate for further usage.
Code Block | ||
---|---|---|
| ||
openssl x509 -in /path/to/certificate.pem -noout -pubkey > /tmp/pubkey.pem |
Signing a file with a Private Key
In this example a file test.txt
is signed with a private key and the (binary) signature will be stored to a file signature.sig
.
Code Block | ||
---|---|---|
| ||
openssl dgst -sign private_key.pem -keyform PEM -sha256 -out signature.sig -binary test.txt |
Check the signature with a public key
Code Block | ||
---|---|---|
| ||
openssl dgst -verify user_pubkey.pem -keyform PEM -sha256 -signature signature.sig -binary test.txt |
...
Overview
Content Tools