[Catalog-sig] Mirror authenticity
Sean Reifschneider
jafo at tummy.com
Sun Mar 29 23:44:49 CEST 2009
Martin v. Löwis wrote:
> $ openssl dgst -sign privkey -sha1 /etc/passwd
> Error Signing Data
> 5216:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:103:

openssl dsaparam 2048 < /dev/urandom > dsaparam.pem
openssl gendsa dsaparam.pem -out dsapriv.pem
openssl dsa -in dsapriv.pem -pubout -out dsapub.pem
openssl dgst -dss1 -sign dsapriv.pem </etc/services >services.sig

Then:

guin:/tmp$ openssl dgst -dss1 -verify dsapub.pem -signature services.sig </etc/services
Verified OK
guin:/tmp$ openssl dgst -dss1 -verify dsapub.pem -signature services.sig </etc/passwd
Verification Failure
zsh: exit 1 openssl dgst -dss1 -verify dsapub.pem -signature services.sig < /etc/passwd
guin:/tmp$

> where privkey is a PEM "DSA PRIVATE KEY". I'm puzzled about the error
> message - *of course* I'm not passing a public key. This is with Apple's
> openssl 0.9.7l.

It's kind of a funny work-flow to set up a public/private key pair because
of the way DSA works.

Sean
--
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
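
The three-step DSA key setup and the sign/verify round trip from the message above, as an added example that is not part of the original post. It wraps verification in a function that fails closed, and it uses -sha256 where the message uses -dss1, since OpenSSL 1.1.0 and later no longer accept the dss1 digest name; the function names and the sample index file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: DSA key setup plus a fail-closed check for a mirrored file.
# Key file names follow the message; function names are hypothetical.

make_dsa_keypair() {   # $1 = directory to hold the key material
    # DSA needs shared domain parameters (p, q, g) before any key exists.
    openssl dsaparam -out "$1/dsaparam.pem" 2048 2>/dev/null &&
    # The private key is generated from those parameters.
    openssl gendsa -out "$1/dsapriv.pem" "$1/dsaparam.pem" 2>/dev/null &&
    chmod 600 "$1/dsapriv.pem" &&
    # Only the public half is handed to mirror clients.
    openssl dsa -in "$1/dsapriv.pem" -pubout -out "$1/dsapub.pem" 2>/dev/null
}

sign_file() {          # $1 = private key, $2 = file, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_file() {        # $1 = public key, $2 = file, $3 = detached signature
    # Fail closed: a missing or empty input counts as a failed verification.
    [ -r "$1" ] && [ -r "$2" ] && [ -s "$3" ] || return 1
    # Trust only the exit status, never the text openssl prints.
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample standing in for a mirrored index file.
    printf 'pkg-1.0.tar.gz constructed-sample-entry\n' > "$d/index.txt"
    make_dsa_keypair "$d" || return 1
    sign_file "$d/dsapriv.pem" "$d/index.txt" "$d/index.sig" || return 1
    # Simulate a mirror serving modified content under the old signature.
    cp "$d/index.txt" "$d/tampered.txt"
    printf 'extra-9.9.tar.gz\n' >> "$d/tampered.txt"
    verify_file "$d/dsapub.pem" "$d/index.txt" "$d/index.sig" &&
        echo "original: accepted"
    verify_file "$d/dsapub.pem" "$d/tampered.txt" "$d/index.sig" ||
        echo "tampered: rejected"
    rm -rf "$d"
}

demo
```

A client script would call verify_file before using any file fetched from a mirror and stop on a non-zero status.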