Sign/verify openssl RSA signatures

the2nd at the2nd at
Mon Oct 5 01:43:20 CEST 2015


i've googled a lot and i guess it is just not possible but i want to ask 
this list before giving up.

Is it possible to create (and verify) PKCS1_PSS signatures with gpg that 
are compatible with openssl?

The signatures are created with this commands:
# Generate keys
openssl genrsa -out priv.pem
# Export public key
openssl rsa -pubout -in priv.pem -out pub.pem
# Create test file
echo test123 > test.txt
# Create signature
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt 
rsa_pss_saltlen:-1 -sign priv.pem -out test.txt.sig test.txt
# Verify signature
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt 
rsa_pss_saltlen:-1 -verify pub.pem -signature test.txt.sig test.txt

The reason for choosing openssl over gpg is the smooth support for RSA 
signatures in python (pycrypto). Verifying a RSA (PKCS1 PSS) signature 
requires just the public key which makes it easy to use especially when 
verification of the signature must be done in a daemon.

But there are also good reasons for using gpg on the client side because 
its easy to use with smartcards (e.g. a yubikey). So my perfect setup 
would be to be able to create signatures with gpg that can be verified 
with openssl/pycrypto in my daemon.


More information about the Gnupg-users mailing list