Hi All,


I have two systems: machine A and machine B.

Task: Machine B has to verify the signature of the message signed by machine A.

Procedure: I get the public key in a neat PEM format, the original message to verify (this is a hex string) and the signature (also as a hex string).

I use SHA1 with RSA to sign. I must say that the signing on machine A is a piece of Java code. I send the above-mentioned parameters via a TCP socket to machine B.

In machine B, I verify using OpenSSL in a simple C program.

I checked the received strings at the C code. I receive the public key in the required PEM format with no difficulty. I also get the original message string which I sent in Hex.


However, when I verify using

openssl dgst -sha1 -verify pubkey.pem -signature s.sign data.sha1

I get a verification failure.

In the above command:

s.sign = hex value of the signature
data.sha1 = This file is the sha1 digest computed on the hex value of the original binary sent via the sockets (i.e., I get the original data as hex and I do an "openssl dgst -sha1" on it to get the hash first and verify it against the signature).

For uniformity I retain the sign and hash files in hex.

In fact, I tried passing the signature and original data as base64-encoded values. But even that caused a verification failure.

Can anybody clarify how I can do this?

What format to use?

Also, is the openssl verify command I have used even right?

Thanks in advance.
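
Added example, not part of the original post: `openssl dgst -sha1 -verify` hashes its input file itself and expects the signature as raw bytes, so the script below decodes both hex strings before verifying and compares that with the invocation from the post. Java's `SHA1withRSA` and `openssl dgst -sha1 -sign` both produce PKCS#1 v1.5 signatures, so openssl stands in for machine A here. Assumptions: the Java side signs the raw message bytes (not their hex text), and every function name, path and the sample message are constructed.

```shell
#!/bin/sh
# Added example. Key, message and temp paths are constructed for the demo.

# Raw bytes on stdin -> one lowercase hex string.
bin2hex() { od -An -v -tx1 | tr -d ' \n'; }

# Hex string on stdin -> raw bytes (POSIX tools only, no xxd needed).
hex2bin() {
    tr -d ' \r\n' | fold -w 2 | while read -r byte || [ -n "$byte" ]; do
        printf '%b' "\\0$(printf '%o' "0x$byte")"
    done
}

# Machine B, corrected: decode both hex strings, then let openssl hash the
# raw message itself. usage: verify_hex PUBKEY_PEM MSG_HEX SIG_HEX
verify_hex() {
    d=$(mktemp -d) || return 2
    printf '%s' "$2" | hex2bin > "$d/msg.bin"
    printf '%s' "$3" | hex2bin > "$d/sig.bin"
    openssl dgst -sha1 -verify "$1" -signature "$d/sig.bin" "$d/msg.bin" >/dev/null 2>&1
    rc=$?; rm -rf "$d"; return "$rc"
}

# Machine B, as posted: hex text as the signature file and a precomputed
# digest as the data file. Same arguments as verify_hex.
verify_as_posted() {
    d=$(mktemp -d) || return 2
    printf '%s' "$3" > "$d/s.sign"
    printf '%s' "$2" | openssl dgst -sha1 > "$d/data.sha1"
    openssl dgst -sha1 -verify "$1" -signature "$d/s.sign" "$d/data.sha1" >/dev/null 2>&1
    rc=$?; rm -rf "$d"; return "$rc"
}

# Stand-in for machine A (assumption: the Java side signs the raw bytes).
make_sample() {
    WORK=$(mktemp -d) || return 2
    openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/key.pem" -pubout -out "$WORK/pubkey.pem" 2>/dev/null
    printf 'constructed sample message' > "$WORK/msg.bin"
    openssl dgst -sha1 -sign "$WORK/key.pem" -out "$WORK/sig.bin" "$WORK/msg.bin"
    MSG_HEX=$(bin2hex < "$WORK/msg.bin")
    SIG_HEX=$(bin2hex < "$WORK/sig.bin")
}

make_sample
verify_hex "$WORK/pubkey.pem" "$MSG_HEX" "$SIG_HEX" && echo "decoded inputs: verified"
verify_as_posted "$WORK/pubkey.pem" "$MSG_HEX" "$SIG_HEX" || echo "hex + digest files: failed"
```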