I have generated ECDSA signature with nodeJS crypto library. How to verify it with openssl command

Question

I have generated ECDSA-with-sha256 signature in node using following script:

const crypto = require('node:crypto')

const keys = {
    "pubKey": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUU0d0VBWUhLb1pJemowQ0FRWUZLNEVFQUNFRE9nQUViVCtFVHUzV21BNjc3b1ZVcDZ3Q1E4eU5ocFZIMWtBQQo4V3F2T0hxR3JqaFVoUzdUcUNGRHBGNStGbklrWUpjSWpwcTJtNmJkcHpNPQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0K",
    "privKey": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1IZ0NBUUF3RUFZSEtvWkl6ajBDQVFZRks0RUVBQ0VFWVRCZkFnRUJCQnhCK01iaS96am90bWJQL1NJTjh1L1kKUitIa0p2cXF5OXdaNTZZaG9Ud0RPZ0FFYlQrRVR1M1dtQTY3N29WVXA2d0NROHlOaHBWSDFrQUE4V3F2T0hxRwpyamhVaFM3VHFDRkRwRjUrRm5Ja1lKY0lqcHEybTZiZHB6TT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo="
}

const message = "Some data"

const privateKey = Buffer.from(keys.privKey, 'base64')
const publicKey = Buffer.from(keys.pubKey, 'base64')

const sign = crypto.createSign('sha256')
sign.write(message)
sign.end()

const signed = sign.sign(privateKey, 'base64')
console.log(signed)

As an output I get for example this signature: MD0CHDNm8dc0uUTBQmBMjlF7t7+QqofLJJzXfA4TIjsCHQDH6br8YJxaa7xB15hLRpWT0ewKBZnhf3UYtx3C

I am trying to verify it using openssl command:

#!/bin/zsh

PUBLIC_KEY="LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUU0d0VBWUhLb1pJemowQ0FRWUZLNEVFQUNFRE9nQUViVCtFVHUzV21BNjc3b1ZVcDZ3Q1E4eU5ocFZIMWtBQQo4V3F2T0hxR3JqaFVoUzdUcUNGRHBGNStGbklrWUpjSWpwcTJtNmJkcHpNPQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0K"
MESSAGE="Some data"
SIGNATURE="MD0CHDNm8dc0uUTBQmBMjlF7t7+QqofLJJzXfA4TIjsCHQDH6br8YJxaa7xB15hLRpWT0ewKBZnhf3UYtx3C"

openssl dgst \
  -sha256 \
  -verify <(base64 -d <(echo $PUBLIC_KEY)) \
  -signature <(base64 -d <(echo $SIGNATURE)) \
  <(echo $MESSAGE)

I am getting an Verification Failure output.

What am I doing wrong here? Am I missing some transformation or parameter?

**echo adds a newline:** either use option `-n` if your system/shell supports it, or use `... <(printf %s "$MESSAGE")`. PS: for your PUBLIC_KEY and SIGNATURE, shells that have `<(procsubst)` also have `<< — dave_thompson_085, Dec 10 '22 at 19:08
Thank you. That's it! Now I just need to figure out why my C code is not compatible with those two :D. — David Novák, Dec 11 '22 at 09:15

I have generated ECDSA signature with nodeJS crypto library. How to verify it with openssl command

0 Answers0