I have two systems: machine A and machine B.
Task: Machine B has to verify the signature of the message signed by machine A.
Procedure: I get the public key in a neat PEM format, the original message to verify (this is a hex string) and the signature (also as a hex string).
I use SHA1 with RSA to sign. I must say that machine A's signing is a piece of Java code. I send the above-mentioned parameters via TCP socket to machine B.
In machine B, I verify using OpenSSL in a simple C program.
I checked the received strings at the C code. I receive the public key in the required PEM format with no difficulty. I also get the original message string which I sent in Hex.
However, when I verify using
openssl dgst -sha1 -verify pubkey.pem -signature s.sign data.sha1
I get a verification failure.
In the above command:
s.sign = hex value of the signature
data.sha1 = This file is the sha1 digest computed on the hex value of the original binary sent via the sockets (i.e., I get the original data as hex and I do an "openssl dgst -sha1" on it to get the hash first and verify it against the signature).
For uniformity I retain the sign and hash files in hex.
In fact, I tried passing the signature and original data as base64-encoded values. But even that caused a verification failure.
Can anybody clarify how I can do this?
What format to use?
Also, is the openssl verify command I have used even right?
Thanks in advance.
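
Added example, not part of the original post: a shell script showing what `openssl dgst -sha1 -verify` expects as input, namely the signature as raw bytes and the original message itself, which the command hashes before checking. Machine A is simulated here with an OpenSSL-generated key, on the assumption that it signs the raw message bytes with SHA1 and PKCS#1 v1.5 RSA; the key, the message and every file name other than pubkey.pem, s.sign and data.sha1 are constructed.

```shell
#!/bin/sh
# Constructed demo: key pair, message and helper names are made up for this example.

hex2bin() {  # hex string on stdin -> raw bytes on stdout
    if command -v xxd >/dev/null 2>&1; then xxd -r -p
    else perl -ne 's/([0-9a-fA-F]{2})/print chr hex $1/ge'; fi
}

tohex() {  # raw file -> one continuous hex string
    od -An -v -tx1 "$1" | tr -d ' \n'
}

check() {  # check SIGFILE DATAFILE -> prints OK or FAIL
    if openssl dgst -sha1 -verify "$d/pubkey.pem" -signature "$1" "$2" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

verify_demo() {
    d=$(mktemp -d) || return 1
    # Stand-in for machine A (assumption): sign the raw message bytes.
    openssl genrsa -out "$d/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$d/priv.pem" -pubout -out "$d/pubkey.pem" 2>/dev/null
    printf 'hello from machine A' > "$d/msg.bin"
    openssl dgst -sha1 -sign "$d/priv.pem" -out "$d/sig.bin" "$d/msg.bin"
    msg_hex=$(tohex "$d/msg.bin")   # what travels over the socket
    sig_hex=$(tohex "$d/sig.bin")

    # Case 1, as in the post: hex text as signature, digest of the hex text as data.
    printf '%s' "$sig_hex" > "$d/s.sign"
    printf '%s' "$msg_hex" | openssl dgst -sha1 > "$d/data.sha1"
    r1=$(check "$d/s.sign" "$d/data.sha1")

    # Case 2: raw signature, but data is a precomputed digest (gets hashed twice).
    printf '%s' "$sig_hex" | hex2bin > "$d/sig_rx.bin"
    printf '%s' "$msg_hex" | hex2bin > "$d/msg_rx.bin"
    openssl dgst -sha1 -binary "$d/msg_rx.bin" > "$d/digest.bin"
    r2=$(check "$d/sig_rx.bin" "$d/digest.bin")

    # Case 3: raw signature and the raw original message.
    r3=$(check "$d/sig_rx.bin" "$d/msg_rx.bin")

    rm -rf "$d"
    echo "hex=$r1 prehashed=$r2 raw=$r3"
}

verify_demo
```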