1

bob has created a private key with

openssl genrsa -out Private.pem 1024

then created the public key with

openssl rsa -in Private.pem -out Public.pem -outform PEM -pubout

he created a file named data.txt with "hello" plain text inside and ran the command

openssl dgst -sha1 -sign Private.pem data.txt| openssl enc -base64 -A > signature.txt

now he sent alice the file data.txt. The signature.txt and Public.pem files.

how can alice verify the authenticity?

thks in advance

Paul Rooney
  • 20,879
  • 9
  • 40
  • 61
rpcm
  • 133
  • 1
  • 3
  • 8

1 Answers1

3

First you need to decode your base64-encoded signature and then just verify the signature:

openssl enc -d -A -base64 -in signature.txt -out signature.sha1
openssl dgst -sha1 -verify Public.pem -signature signature.sha1 data.txt
sirgeorge
  • 6,331
  • 1
  • 28
  • 33