I want to create a signature and verify it with openssl. I want to have hex output of my signature.
This is my code:
#create private key
openssl ecparam -genkey -name secp256k1 -rand /dev/urandom -noout -out private.pem
#public key derivation
openssl ec -in private.pem -pubout -out public.pem
#create signature
openssl dgst -sha256 -hex -sign private.pem msg.txt > signature.hex
#check signature
openssl dgst -sha256 -verify public.pem -signature signature.hex msg.txt
I get this error:
Error Verifying Data
4573216364:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
4573216364:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=ECDSA_SIG
If I remove -hex when creating the signature, it works.
$ openssl version
OpenSSL 1.0.2s 28 May 2019
The openssl dgst command "-hex" parameter means that the output is NOT binary but a hex dump of the binary output.
Quote:
-hex
digest is to be output as a hex dump. This is the default case for a "normal" digest as opposed to a digital signature. See NOTES below for digital signatures using -hex.
And the note section:
Hex signatures cannot be verified using openssl. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification.
So if you use the -hex option for a hex dump, you need to convert it back to binary yourself somehow before passing it into openssl to verify.
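The conversion step described above, as an added example that is not part of the original answer. It assumes the hex file starts with a label ending in `= ` before the digits, uses `xxd -r -p` (plain hex input) when `xxd` is installed, and the function names `hex_sig_to_bin` and `roundtrip_demo` are made up for this sketch.

```shell
#!/bin/sh
# hex_sig_to_bin HEXFILE BINFILE: turn `openssl dgst -hex -sign` output into raw bytes.
hex_sig_to_bin() {
    # Drop the label printed before the digits (assumed to end in "= "),
    # then keep hex characters only.
    hex=$(sed 's/^.*= *//' "$1" | tr -cd '0-9a-fA-F')
    # A signature is a whole number of bytes: reject empty or odd-length input.
    [ -n "$hex" ] && [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    if command -v xxd >/dev/null 2>&1; then
        printf '%s' "$hex" | xxd -r -p > "$2"
    else
        # No xxd: write each byte through a printf octal escape.
        : > "$2"
        while [ -n "$hex" ]; do
            rest=${hex#??}
            byte=${hex%"$rest"}
            printf "\\$(printf '%03o' "0x$byte")" >> "$2"
            hex=$rest
        done
    fi
}

# roundtrip_demo: sign with -hex as in the question, convert, verify.
# Returns the exit status of the verify step (0 = "Verified OK").
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample message\n' > "$dir/msg.txt"   # constructed input
    openssl ecparam -genkey -name secp256k1 -noout -out "$dir/private.pem" &&
    openssl ec -in "$dir/private.pem" -pubout -out "$dir/public.pem" 2>/dev/null &&
    openssl dgst -sha256 -hex -sign "$dir/private.pem" "$dir/msg.txt" > "$dir/signature.hex" &&
    hex_sig_to_bin "$dir/signature.hex" "$dir/signature.bin" &&
    openssl dgst -sha256 -verify "$dir/public.pem" -signature "$dir/signature.bin" "$dir/msg.txt"
    status=$?
    rm -rf "$dir"
    return $status
}

if command -v openssl >/dev/null 2>&1; then
    roundtrip_demo || echo "round trip failed" >&2
fi
```

Keeping the binary signature as the file of record and producing hex only for display avoids the conversion entirely.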