[Catalog-sig] Mirror authenticity

Sean Reifschneider jafo at tummy.com
Sun Mar 29 23:44:49 CEST 2009

Martin v. Löwis wrote:
> $ openssl dgst -sign privkey -sha1 /etc/passwd
> Error Signing Data
> 5216:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public
> key type:p_sign.c:103:

openssl dsaparam 2048 < /dev/urandom > dsaparam.pem
openssl gendsa dsaparam.pem -out dsapriv.pem
openssl dsa -in dsapriv.pem -pubout -out dsapub.pem
openssl dgst -dss1 -sign dsapriv.pem </etc/services >services.sig


   guin:/tmp$ openssl dgst -dss1 -verify dsapub.pem -signature services.sig </etc/services
   Verified OK
   guin:/tmp$ openssl dgst -dss1 -verify dsapub.pem -signature services.sig </etc/passwd
   Verification Failure
   zsh: exit 1     openssl dgst -dss1 -verify dsapub.pem -signature services.sig < /etc/passwd

> where privkey is a PEM "DSA PRIVATE KEY". I'm puzzled about the error
> message - *of course* I'm not passing a public key. This is with Apple's
> openssl 0.9.7l.

It's kind of a funny work-flow to set up a public/private key pair because
of the way DSA works.

Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
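
The same sign-then-verify workflow on a current OpenSSL, as an added example that is not part of the original message. It assumes OpenSSL 1.1.0 or later, where `-dss1` is no longer available and `-sha256` is used with the DSA key instead; the working directory, file names and file contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and payload are constructed.

# Parameters first, then the private key, then the public key derived from it.
make_dsa_keypair() {
    openssl dsaparam -out "$1/dsaparam.pem" 2048 2>/dev/null &&
    openssl gendsa -out "$1/dsapriv.pem" "$1/dsaparam.pem" 2>/dev/null &&
    openssl dsa -in "$1/dsapriv.pem" -pubout -out "$1/dsapub.pem" 2>/dev/null
}

# sign_file PRIVKEY FILE SIG: write a detached signature over FILE to SIG.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file PUBKEY FILE SIG: exit status 0 only when SIG matches FILE.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT

make_dsa_keypair "$work" || { echo "key generation failed" >&2; exit 1; }

# Constructed stand-in for a file a mirror would serve, plus a modified copy.
printf 'example-pkg-1.0.tar.gz sha256=PLACEHOLDER\n' > "$work/index.txt"
{ cat "$work/index.txt"; echo 'extra-line-added-in-transit'; } > "$work/tampered.txt"

sign_file "$work/dsapriv.pem" "$work/index.txt" "$work/index.sig" || exit 1

# A mirror client would keep the file only when the exit status is 0.
for f in index.txt tampered.txt; do
    if verify_file "$work/dsapub.pem" "$work/$f" "$work/index.sig"; then
        echo "$f: signature OK"
    else
        echo "$f: signature mismatch, reject"
    fi
done
```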
