Sign/verify openssl RSA signatures
the2nd at otpme.org
Mon Oct 5 01:43:20 CEST 2015
Hi,
I've googled a lot and I guess it is just not possible but I want to ask
this list before giving up.
Is it possible to create (and verify) PKCS1_PSS signatures with gpg that
are compatible with openssl?
The signatures are created with these commands:
# Generate keys
openssl genrsa -out priv.pem
# Export public key
openssl rsa -pubout -in priv.pem -out pub.pem
# Create test file
echo test123 > test.txt
# Create signature
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
    -sign priv.pem -out test.txt.sig test.txt
# Verify signature
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
    -verify pub.pem -signature test.txt.sig test.txt
The reason for choosing openssl over gpg is the smooth support for RSA
signatures in Python (pycrypto). Verifying an RSA (PKCS1 PSS) signature
requires just the public key which makes it easy to use especially when
verification of the signature must be done in a daemon.
But there are also good reasons for using gpg on the client side because
it's easy to use with smartcards (e.g. a yubikey). So my perfect setup
would be to be able to create signatures with gpg that can be verified
with openssl/pycrypto in my daemon.
regards
the2nd
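
Added example, not part of the original post: a standard-library Python (3.8+) sketch of the RSA-PSS check the message describes for the daemon, which needs only the public key (n, e) and uses SHA-1 with a salt as long as the digest, matching `rsa_pss_saltlen:-1`. The function names and the demo key built from two Mersenne primes are constructed for illustration; `pss_sign` is there only so a sample signature can be produced offline.

```python
import hashlib, hmac, os
H_LEN = 20  # SHA-1 digest size; rsa_pss_saltlen:-1 means "salt length = digest size"

def mgf1(seed, length):
    """MGF1 mask generation function (RFC 8017 B.2.1) over SHA-1."""
    return b"".join(hashlib.sha1(seed + i.to_bytes(4, "big")).digest()
                    for i in range((length + H_LEN - 1) // H_LEN))[:length]

def xor(a, b):
    return bytearray(x ^ y for x, y in zip(a, b))

def pss_hash(msg, salt):
    """H = SHA1(eight zero bytes || SHA1(msg) || salt)."""
    return hashlib.sha1(b"\x00" * 8 + hashlib.sha1(msg).digest() + salt).digest()

def pss_sign(msg, n, d):
    """Signer side, included only so the sample signature can be produced offline."""
    em_bits = n.bit_length() - 1
    em_len = (em_bits + 7) // 8
    salt = os.urandom(H_LEN)
    h = pss_hash(msg, salt)
    db = b"\x00" * (em_len - 2 * H_LEN - 2) + b"\x01" + salt
    masked = xor(db, mgf1(h, len(db)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear bits above em_bits
    em = int.from_bytes(bytes(masked) + h + b"\xbc", "big")
    return pow(em, d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def pss_verify(msg, sig, n, e):
    """Daemon side: needs only the public key (n, e). True if sig is valid."""
    em_bits = n.bit_length() - 1
    em_len = (em_bits + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != (n.bit_length() + 7) // 8 or s >= n:
        return False
    m = pow(s, e, n)  # RSA public operation recovers the encoded message
    if m.bit_length() > em_bits or em_len < 2 * H_LEN + 2:
        return False
    em = m.to_bytes(em_len, "big")
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    db = xor(masked, mgf1(h, len(masked)))
    db[0] &= 0xFF >> (8 * em_len - em_bits)
    pad = len(db) - H_LEN - 1  # zero padding, then 0x01, then the salt
    if em[-1] != 0xBC or any(db[:pad]) or db[pad] != 1:
        return False
    return hmac.compare_digest(h, pss_hash(msg, bytes(db[pad + 1:])))

# Constructed demo key built from two Mersenne primes; never use such a key for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
```

In a real daemon the same check would come from a maintained crypto library; the sketch only shows what that call computes.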