verifying a file signature with openssl dgst

Question

I am signing packets in some Java code and I want to verify the signatures on a C server. I want to fork openssl for this purpose (can always use library functions later...

Answer 1

openssl dgst -verify foo.pem expects that foo.pem contains the "raw" public key in PEM format. The raw format is an encoding of a SubjectPublicKeyInfo structure, which can be found within a certificate; but openssl dgst cannot process a complete certificate in one go.

You must first extract the public key from the certificate:

openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

then use the key to verify the signature:

openssl dgst -verify pubkey.pem -signature sigfile datafile