Celeb Glow
general | March 09, 2026

OpenSSL ECDSA sign and verify file

I would like to sign and verify a PDF with elliptic curve. I got some code but it doesn't work.

Create private key:

openssl ecparam -genkey -name secp384r1 -noout -out private.pem

Create public key:

openssl ec -in private.pem -pubout -out public.pem

Sign file:

openssl dgst -ecdsa-with-SHA1 test.pdf > hash openssl dgst
openssl dgst -ecdsa-with-SHA1 -inkey private.pem -keyform PEM -in hash > signature

Verify file:

openssl dgst -ecdsa-with-SHA1 -verify public.pem -signature signature.bin data

The part to sign and verify doesn't work.

1

3 Answers

I think you are not actually signing the file, but signing the hash.

I tried the following and it gave me the desired output:

Create signature:
openssl dgst -ecdsa-with-SHA1 -sign private.pem test.pdf > signature.bin
Verify signature:
openssl dgst -ecdsa-with-SHA1 -verify public.pem -signature signature.bin test.pdf
1

Since -ecdsa-with-SHA1 is not in the man page for dgst and there is no -ecdsa-with-SHA256, I would recommend:

Sign:

openssl dgst -sha1 -sign private.pem test.pdf > signature.bin

Verify:

openssl dgst -sha1 -verify public.pem -signature signature.bin test.pdf
2

Or if you need an engine, you can also do it in an OpenSSL session:

openssl
OpenSSL> engine -vvvv -t dynamic -pre SO_PATH:someengine.so -pre ID:someengine -pre LIST_ADD:1 -pre LOAD
OpenSSL> dgst -ecdsa-with-SHA1 -out signature.bin -sign private.pem test.pdf
OpenSSL> dgst -ecdsa-with-SHA1 -verify public.pem -signature signature.bin test.pdf

dgst also offers the -engine option, but here it takes the engine loaded earlier. If required, simply add -engine someengine.
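The sign-and-verify flow from the answers above, as an added example that is not part of the original thread. It uses -sha256 where the thread uses the SHA-1 flags, and it also reproduces the question's flow of signing the dgst output so the verification failure is visible. The function names and the sample file are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. File names are constructed for the demo.

# Generate a secp384r1 key pair in directory $1 (same commands as the question).
make_keys() {
    openssl ecparam -genkey -name secp384r1 -noout -out "$1/private.pem" &&
    openssl ec -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# sign_file <private.pem> <file> <sig-out>
# dgst hashes the file and signs that digest in one step.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file <public.pem> <file> <sig>; exit status 0 only on a valid signature.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Runs three checks and prints one result line.
demo() {
    dir=$(mktemp -d) || return 1
    key="$dir/private.pem"; pub="$dir/public.pem"; doc="$dir/test.pdf"
    printf 'constructed sample document\n' > "$doc"
    make_keys "$dir" || return 1

    # 1. Sign the file, then verify the same file.
    sign_file "$key" "$doc" "$dir/signature.bin" || return 1
    verify_file "$pub" "$doc" "$dir/signature.bin" && r1=ok || r1=fail

    # 2. The question's flow: sign the text output of dgst, verify the file.
    openssl dgst -sha256 "$doc" > "$dir/hash"
    sign_file "$key" "$dir/hash" "$dir/hash.sig" || return 1
    verify_file "$pub" "$doc" "$dir/hash.sig" && r2=ok || r2=fail

    # 3. Append one byte after signing, then verify against the old signature.
    printf 'x' >> "$doc"
    verify_file "$pub" "$doc" "$dir/signature.bin" && r3=ok || r3=fail

    rm -rf "$dir"
    echo "signed_file=$r1 signed_hash=$r2 tampered=$r3"
}

demo
```

Scripts that depend on the result should check the exit status of the verify command, as verify_file does, instead of parsing the text it prints.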
