10

I would like to sign and verify a pdf with elliptic curve. I got some code but it doesn't work.

Create private key:

openssl ecparam -genkey -name secp384r1 -noout -out private.pem

Create public key:

openssl ec -in private.pem -pubout -out public.pem

Sign file:

openssl dgst -ecdsa-with-SHA1 test.pdf > hash openssl dgst
openssl dgst -ecdsa-with-SHA1 -inkey private.pem -keyform PEM -in hash > signature

Verify file:

openssl dgst -ecdsa-with-SHA1 -verify public.pem -signature signature.bin data

The part to sign and verify doesn't work.

Michael
  • 115

3 Answers

10

I think you are not actually signing the file, but signing the hash.

I tried the following and it gave me the desired output:

Create signature:
openssl dgst -ecdsa-with-SHA1 -sign private.pem test.pdf > signature.bin

Verify signature:
openssl dgst -ecdsa-with-SHA1 -verify public.pem -signature signature.bin test.pdf
mtak
  • 17,262
8

Since -ecdsa-with-SHA1 is not in the man for dgst and there is no -ecdsa-with-SHA256, I would recommend:

Sign:

openssl dgst -sha1 -sign private.pem test.pdf > signature.bin

Verify:

openssl dgst -sha1 -verify public.pem -signature signature.bin test.pdf
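The sign/verify flow from this answer as a self-checking script, added here as an example and not part of any of the posted answers. It uses -sha256 instead of -sha1 (dgst with an EC key produces an ECDSA signature over whichever digest you name), checks that the untouched file verifies, and then shows that a modified copy is rejected. It assumes the openssl binary is on PATH; the file names and the sample document are placeholders constructed inline.

```shell
# ecdsa_demo: returns 0 only if the original file verifies AND a tampered
# copy fails verification with the same signature; otherwise returns 1.
ecdsa_demo() {
    work=$(mktemp -d)
    # Constructed sample input standing in for test.pdf.
    printf 'constructed sample document\n' > "$work/test.pdf"

    # Key pair on secp384r1, as in the question.
    openssl ecparam -genkey -name secp384r1 -noout -out "$work/private.pem"
    openssl ec -in "$work/private.pem" -pubout -out "$work/public.pem" 2>/dev/null

    # Sign the file itself: dgst hashes it with SHA-256 and ECDSA-signs the digest.
    openssl dgst -sha256 -sign "$work/private.pem" "$work/test.pdf" > "$work/signature.bin"

    # Verify the original; dgst exits 0 and prints "Verified OK" on success.
    if ! openssl dgst -sha256 -verify "$work/public.pem" \
            -signature "$work/signature.bin" "$work/test.pdf" >/dev/null 2>&1; then
        rm -rf "$work"
        return 1
    fi

    # Change the document; the old signature must now be rejected (exit status 1).
    printf 'tampered sample document\n' > "$work/test.pdf"
    if openssl dgst -sha256 -verify "$work/public.pem" \
            -signature "$work/signature.bin" "$work/test.pdf" >/dev/null 2>&1; then
        rm -rf "$work"
        return 1
    fi

    rm -rf "$work"
    return 0
}
```

The exit status of `openssl dgst -verify` is what a script should branch on, not the printed text.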
2

Or if you need an engine, you can also do it in an OpenSSL session:

openssl
OpenSSL> engine -vvvv -t dynamic -pre SO_PATH:someengine.so -pre ID:someengine -pre LIST_ADD:1 -pre LOAD
OpenSSL> dgst -ecdsa-with-SHA1 -out signature.bin -sign private.pem test.pdf
OpenSSL> dgst -ecdsa-with-SHA1 -verify public.pem -signature signature.bin test.pdf

dgst also offers the -engine option, but here it takes the engine loaded earlier. If required, simply add -engine someengine.

lalebarde
  • 765