I am using the following statements to create an RSA public and private key.
openssl genrsa -out ksign_private.pem 1024
openssl rsa -in ksign_private.pem -pubout > ksign_p
The pkeyutl command should be preferred to rsautl since pkeyutl can handle any algorithm. To obtain the same signature on the command line, you should use the following:
openssl pkeyutl -sign -in testfile.sha1 -inkey ksign_private.pem -pkeyopt digest:sha1 -out testfile.sig
The important part is telling openssl that you're using a digest value. Otherwise it seems to be signing a digest of your digest.
You can directly use the dgst command to hash and sign data like:
openssl dgst -sha1 -binary -sign privkey.pem < myData > mySignature
See the docs for all options.
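
The following script is an added example, not part of the original answers: it signs one file the three ways discussed above (pkeyutl with the digest option, pkeyutl without it, and dgst) and compares the resulting signatures. The function name sign_demo, the file names, the 2048-bit key and the sample message are assumptions made for the demo; the digest is a parameter so the same check works beyond sha1.

```shell
#!/bin/sh
# Added example: file names, the 2048-bit key and the message are constructed.
# sign_demo [DIGEST] prints one result line per check (DIGEST defaults to sha1).
sign_demo() {
    md=${1:-sha1}
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        openssl genrsa -out key.pem 2048 2>/dev/null
        openssl rsa -in key.pem -pubout -out pub.pem 2>/dev/null
        printf 'constructed sample message\n' > testfile

        # Raw binary digest of the file, the role testfile.sha1 plays above.
        openssl dgst -"$md" -binary testfile > testfile.md

        # 1. Sign the digest and name the hash that produced it.
        openssl pkeyutl -sign -in testfile.md -inkey key.pem \
            -pkeyopt digest:"$md" -out with_opt.sig
        # 2. Same input without the digest option: the bytes are padded and
        #    signed as-is, with no DigestInfo wrapper naming the hash.
        openssl pkeyutl -sign -in testfile.md -inkey key.pem -out no_opt.sig
        # 3. Hash and sign in one step with dgst.
        openssl dgst -"$md" -sign key.pem -out dgst.sig testfile

        # PKCS#1 v1.5 signing is deterministic, so 1 and 3 must be byte-identical.
        cmp -s with_opt.sig dgst.sig && echo "with_opt=same" || echo "with_opt=differs"
        cmp -s no_opt.sig dgst.sig && echo "no_opt=same" || echo "no_opt=differs"
        # Only the signature made with the digest option verifies against the file.
        for name in with_opt no_opt; do
            if openssl dgst -"$md" -verify pub.pem -signature "$name.sig" \
                testfile >/dev/null 2>&1; then
                echo "verify_$name=ok"
            else
                echo "verify_$name=fail"
            fi
        done
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

sign_demo "${1:-sha1}"
```

A verifier that runs dgst -verify against the original file accepts only signatures 1 and 3, which is a quick way to check which form a signing pipeline actually produced.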