1

I already have msg.txt with the message data. I have sign.txt with the signed data, obtained after signing it with some private key which I don't have. I have pub-key.txt with the public key used for verifying the hash. I am unable to write an openssl command to verify the signed text.

I think it should be

openssl dgst -sha256 -verify pub-key.txt -signature sign.txt msg.txt

but I am getting the following error:

Error Verifying Data
12988:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1327:
12988:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=ECDSA_SIG

1 Answer

1

Is your pub-key.txt a valid PEM key? Is your sign.txt a binary signature file? Looks like your files have troubles.

This openssl verify command is related to an ECDSA signature. You can try a self-signed pair of keys to locally sign and verify and understand what is wrong.

Create a private key called private.pem:
openssl ecparam -name secp256k1 -genkey -noout -out private.pem

Take a public key from it:
openssl ec -in private.pem -pubout -out public.pem

Sign a txt file and get a sign.bin:
openssl dgst -sha256 -sign private.pem msg.txt > sign.bin

Note here that sign.bin is a DER-encoded binary file. You can check it with:

openssl asn1parse -inform DER -in sign.bin

A correct output will look like the following, with different values of course:

0:d=0 hl=2 l= 69 cons: SEQUENCE
2:d=1 hl=2 l= 33 prim: INTEGER :AEF7E3F8C6E15EDA0D18F0E8F8F6483954A6CCF3FF5BD9B321DD2D72C9499E8F
37:d=1 hl=2 l= 32 prim: INTEGER :7C3F30E8234A24ABD84BFD3375379DD7568330E82F4AD8ED69CE91D108918DCE

To verify your msg.txt against sign.bin you run:

openssl dgst -sha256 -verify public.pem -signature sign.bin msg.txt

and you will get: Verified OK

  • The error is clearly on the signature (not the pubkey). Many non-OpenSSL things use 'plain' or 'P1363' format for ECDSA signature; see https://stackoverflow.com/questions/56824921/java-security-signatureexception-invalid-encoding-for-signature-signature-vali/ – dave_thompson_085 Aug 19 '21 at 19:42
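An added example, not part of the original answer or comment: for the case the comment describes, this Python sketch checks whether a signature file is already a DER ECDSA_SIG (a SEQUENCE of two INTEGERs, as in the asn1parse output above) and, if it is a raw r||s ('plain' / P1363) signature instead, re-encodes it as DER. The function names are made up for illustration, and the sample bytes are the r and s values from the answer's asn1parse output concatenated into a constructed 64-byte raw signature.

```python
def _der_len(n):
    if n < 0x80:                       # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form (needed for P-521)

def _der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:                 # leading 0x00 keeps the INTEGER positive
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body

def p1363_to_der(sig):
    """Re-encode raw r||s (two equal-length big-endian halves) as DER."""
    if not sig or len(sig) % 2:
        raise ValueError("raw signature must be two equal-length halves")
    half = len(sig) // 2
    r = int.from_bytes(sig[:half], "big")
    s = int.from_bytes(sig[half:], "big")
    if r == 0 or s == 0:
        raise ValueError("r and s must be non-zero")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf, pos, tag):
    """Return (value, next_pos) for one TLV with the expected tag."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("wrong tag")  # the condition OpenSSL reports above
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + n], pos + n

def is_der_ecdsa_sig(sig):
    """Structural check only: SEQUENCE { INTEGER, INTEGER }, no trailing bytes."""
    try:
        body, end = _read_tlv(sig, 0, 0x30)
        _, p = _read_tlv(body, 0, 0x02)
        _, p = _read_tlv(body, p, 0x02)
        return end == len(sig) and p == len(body)
    except ValueError:
        return False

# Constructed sample: r and s copied from the asn1parse output in the answer.
R_HEX = "AEF7E3F8C6E15EDA0D18F0E8F8F6483954A6CCF3FF5BD9B321DD2D72C9499E8F"
S_HEX = "7C3F30E8234A24ABD84BFD3375379DD7568330E82F4AD8ED69CE91D108918DCE"
RAW = bytes.fromhex(R_HEX + S_HEX)
```

Writing the bytes returned by p1363_to_der to sign.bin gives a file that the asn1parse command in the answer can parse and that can be passed to -signature.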