Decrypt with the public key using openssl in commandline

encryption command-line openssl digital-signature public-key

11,115

Use the dgst command, not rsautl:

openssl dgst -verify pubkey.pem -signature sigfile_octet message.txt

Here, message.txt is the message that you are trying to verify.

You can use rsautl to "decrypt" the signature, getting access to the raw verification data:

openssl rsautl -verify -inkey pubkey.pem -pubin -in sigfile_octet

This will yield the signature's DER-encoded ASN.1 structure. That's a sequence containing the algorithm identifier of the hash algorithm that was used, followed by the hash itself. If you want OpenSSL to print human-readable view of this structure, you can add the -asn1parse option to the the rsautl command. That looks something like this:

    0:d=0  hl=2 l=  49 cons: SEQUENCE          
    2:d=1  hl=2 l=  13 cons:  SEQUENCE          
    4:d=2  hl=2 l=   9 prim:   OBJECT            :sha256
   15:d=2  hl=2 l=   0 prim:   NULL              
   17:d=1  hl=2 l=  32 prim:  OCTET STRING      
      0000 - c9 8c 24 b6 77 ef f4 48-60 af ea 6f 49 3b ba ec   ..$.w..H`..oI;..
      0010 - 5b b1 c4 cb b2 09 c6 fc-2b bb 47 f6 6f f2 ad 31   [.......+.G.o..1

If you want to extract just the hash, instead of using the -asn1parse option, you can pipe it to the asn1parse command, which gives you the ability to extract elements from the structure.

When you say that you have "the signature value on the digest", I assume that what you have is a real signature with this structure, and not just the raw hash, which was signed with the private key. If that's not the case, you can post some example output.

11,115

Author by

Diederik

Programming for hobby in: HTML, CSS, JavaScript, Meteor Framework & Python

Updated on June 15, 2022

Comments

Diederik almost 2 years
I want to 'manually' compare a digest/hash of a message with the decrypted signature value on this digest.

For this, I want to decrypt the signature value (the signed digest) of the message with the public key that belongs to the private key the digest was signed with in the first place.

I have the following items:
- The digest value in base64 of the message (calculated with SHA256)
- The signature value on the digest in base64 that has been signed with the private key (using SHA256 with RSA Encryption)
- The public key in .pem format belonging to the private key
- I have the actual message (it is in XML containing multiple signatures on different sections of the document). I already verified the signatures using the XML security library. I'm interested in only decrypting the signature value with the public key.
I'm kind of stuck of how I can achieve this using openssl.

I'm trying variations on the commands described here and here, however I'm kind of lost.

I suppose I should convert the signature from base64 value to octet using:

base64 --d sigfile > sigfile_octet?

Then I'm using the command:

openssl rsautl -inkey pubkey.pem -pubin -in sigfile_octet

Does this give me the decrypted signature value in octet? What are the next steps I need to perform to compare it with the base64 digest?

p.s. I already verified the signature using Aleksey's XML security library, so I know the digest should match the decrypted signature value.

Your help would be very much appreciated!!

Kind regards,

Diederik
Maarten Bodewes about 8 years

It's unclear to me if the message is actually available, it doesn't say so in the question anyway. Diederik, could you indicate if this is the case (in the question please).
Diederik about 8 years

Hi erickson, thank you for your anwser, however I'm not looking for an true/false answer regarding the validity of the signature. Is there more information I can attain from dgst command? I actually want to see the decrypted value of the signature value. @MaartenBodewes, yes I have the actual message, however I was already able to verify the signatures (it has multiple signatures on different sections of the message).
Maarten Bodewes about 8 years

@Diederik "The message" is also a technical term for the input of the digest / signature algorithm. How you parse your specific (XML) messages is up to you. But OK, you specified that you want to perform textbook RSA decryption (or, actually, just modular exponentiation and PKCS#1 unpadding) with the public key. Right.
Diederik about 8 years

@MaartenBodewes Ok thank you for the elaboration. After several steps I can successfully calculate the digest manually on the raw xml message ('using openssl dgst -sha256 message'). But yes! I'm actually looking for the textbook RSA decryption :)
brady about 8 years

@Diederik Please check out my update and let me know if it addresses your question.