> On Sep 12, 2016, at 1:07 PM, Nikolay Kudryavtsev <nikolay.kudryavtsev at gmail.com> wrote: > > The signature is base64 encoded, so first I do: > openssl enc -d -A -base64 -in signature.txt -out signature.sha1 > Then I do: > openssl dgst -verify pubkey.pem -signature signature.sha1 datafile.txt > Or: > openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1 datafile.txt > Either of those fails with: > Verification Failure > > Whenever I try to verify data signed with my own key, everything works. But for that data that I got from a third party nothing works. That third party is adamant that the signature is correct and it's RSA_SHA1, but they've been unwilling to explain the details on how they sign it and what they use to verify. What is the canonical representation of the text file? Does it have <LF> line-endings, or <CRLF> line endings? In what representation was it signed? -- Viktor. -- Viktor.
