2

I've some difficulties to understand signature and verification process with openSSL.

I have a small hierarchy of certificate : root cert => sub cert => end entity cert. I want to have a code signing certificate from the end entity CA, and thus created a key-pair and requested a CSR : 

openssl genrsa -out key.pem
...
openssl genrsa -pubout -in key.pem -out key.pub.pem
...
openssl req -new -sha256 -key key.pem -out id.csr
...

I send my CSR and recieve the code signing certificat, stored in cert.pem. My understanding is that this certificate is only used for verification purpose (verify signature), and my code should be signed with the private key (key.pem) :

openssl dgst -sha256 -sign key.pem -out program.sign program

Thus, i've program.sign which is signed with key.pem. Then, I need to verify this signature, considering that i've 4 certificate for the path validation : root.pem, sub.pem, end.pem, cert.pem.

How can I ask openssl to verify the signature with multiple certificate in the chain to check ?

I tried this, but of course it don't work because I only specify the code signing certificate, without the rest of the chain :

openssl dgst -sha256 -verify program -signature program.sign cert.pem
undable to load key file

Am I missing something ?

Thank you very much.

dvr33
  • 145
  • 1
  • 3
  • 11

1 Answers1

0

Mostly dupe verifying a file signature with openssl dgst

Your description is a little confusing; I interpret that 'end entity CA' means a CA that issues EE certs, as an EE is not a CA and a CA is not an EE, and what you call 'end entity cert' is not actually the cert of an end entity. Specifically I interpret that your cert.pem is a cert issued by the CA whose cert is in end.pem, using the corresponding privatekey, so that root.pem sub.pem end.pem cert.pem does in fact form a certification path aka chain.

openssl dgst -verify doesn't even take a certificate, much less validate one. It takes only the publickey, and uses that to verify the signature on the data -- or optionally takes the privatekey and derives the publickey and uses that, but typically a party verifying a signature does not and should not have the privatekey. If you want to use commandline to verify a signature against a cert chain, you need to do two things, in either order:

  • use openssl verify to validate the certificate chain; you can either supply the intermediate certs using -untrusted (as a single file, which in your case is cat sub.pem end.pem), or have the intermediate certs (as well as the root) in the truststore used, which can be one you create and specify, or in principle can be the default one (but that often is systemwide and changing it unwise). See Verify a certificate chain using openssl verify and Openssl verify with chained CA and chained Cert (disclosure: mine).

  • get the publickey from the leaf cert with openssl x509 -pubkey -in cert.pem -out pubkeyfile and use it to verify the signature on the data, for which you must specify the data file after the options, or else as standard input, see below.

(I can't get these format correctly without this dummy text)

openssl dgst -sha256 -verify pubkeyfile -signature program.sign program
openssl dgst -sha256 -verify pubkeyfile -signature program.sign <program
dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70