Hi I have generated a key pair and used the private key to generate a signature.
openssl rsautl -sign -in helloworld.txt -inkey aa.pem -out sig
However I am unable to verify the signature with my public key:
openssl rsautl -verify -in helloworld.txt -inkey aa.pub -sigfile sig
I know there -sigfile is deprecated. and some of the online doc from openssl.org is wrong.
Whats the command I should use to verify the sig with my public key?
I found two solutions to your problem.
You can use rsautl this way: (with private key: my.key and public key my-pub.pem)
$ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt
Enter pass phrase for my.key:
$ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin
Bonjour
With this method, the whole document is included within the signature file and is output by the final command.
But in my case, my certificate says: Signature Algorithm: sha1WithRSAEncryption. So I would recommend that you use the standard way of signing documents in 4 steps: (This method is used for all asymmetric electronic signatures in order not to overload the signature file and/or CPU usage)
OpenSSL does this in two steps:
$ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt
Enter pass phrase for my.key:
$ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt
Verified OK
With this method, you send the recipient two documents: the original file plain text, the signature file signed digest. Attention: the signature file does not include the whole document! Only the digest.