I'm trying to verify the signature of a file. I followed these instructions to generate a certificate:
// generate a private key with size of 2048 bits
openssl g
After A LOT of help from @NikolayElenkov, I finally figured out what was wrong. Trying a different Google search, I stumbled upon this Stack Overflow question, where the guy says there are two different signature commands you can run. When I was creating all my signatures, I was using the stuff I linked to above:
```
# create a hash
echo 'data to sign' > data.txt
openssl dgst -sha1 < data.txt > hash
# sign it
openssl rsautl -sign -inkey private.pem -keyform PEM -in hash > signature
# verify it
openssl rsautl -verify -inkey public.pem -keyform PEM -pubin -in signature > verified
diff -s verified hash
```
and from the post I found today, I tried:
```
openssl dgst -sha1 -sign privateKey.pem -out signature1 someInputFile
```
which, as the guy says, creates a different signature file. This is the one my Android code needed! So, the answer to get this to verify is I needed to change how I was generating my signature file! (I wouldn't have gotten this far without @NikolayElenkov, thanks a lot!)
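Why the two commands disagree, as an added example that is not part of the original post: `rsautl -sign` pads and signs whatever bytes it is handed, while `dgst -sha1 -sign` hashes the file and wraps the digest in a DER `DigestInfo` before padding, which is the block a standard SHA-1/RSA (PKCS#1 v1.5) verifier rebuilds and compares. Assumptions: the key is a constructed, insecure toy key, the function names are hypothetical models of the two commands, the `hash` file is taken to be hex text plus a newline, and the Android side is assumed to do standard PKCS#1 v1.5 verification.

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes: publicly known, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER header of a SHA-1 DigestInfo (RFC 8017, section 9.2); the 20-byte digest follows it.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

DATA = b"data to sign\n"  # the bytes echo writes to data.txt
# Assumption: the `hash` file holds the hex digest as text plus a newline.
HASH_FILE = (hashlib.sha1(DATA).hexdigest() + "\n").encode()

def pad_type1(payload: bytes) -> bytes:
    """PKCS#1 v1.5 signature padding: 00 01 FF..FF 00 || payload."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload

def rsa_private(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def rsa_public(sig: bytes) -> bytes:
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

def sign_like_rsautl(input_bytes: bytes) -> bytes:
    """Model of `rsautl -sign`: pads and signs the input as given, no hashing."""
    return rsa_private(pad_type1(input_bytes))

def sign_like_dgst(data: bytes) -> bytes:
    """Model of `dgst -sha1 -sign`: hash, wrap in DigestInfo, pad, sign."""
    return rsa_private(pad_type1(SHA1_DIGESTINFO + hashlib.sha1(data).digest()))

def verify_sha1_rsa(data: bytes, sig: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 check: rebuild the expected block and compare."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    expected = pad_type1(SHA1_DIGESTINFO + hashlib.sha1(data).digest())
    return hmac.compare_digest(rsa_public(sig), expected)

if __name__ == "__main__":
    for name, sig in (("rsautl", sign_like_rsautl(HASH_FILE)), ("dgst", sign_like_dgst(DATA))):
        print(name, "payload:", rsa_public(sig).split(b"\x00", 2)[2].hex(), verify_sha1_rsa(DATA, sig))
```

The recovered `rsautl` payload is the ASCII hex text of the hash file, which is why `diff -s verified hash` matched on the command line even though a standard verifier rejects that signature.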