On Mon, Sep 12, 2016, Nikolay Kudryavtsev wrote: > > Whenever I try to verify data signed with my own key, everything > works. But for that data that I got from a third party nothing > works. That third party is adamant that the signature is correct and > it's RSA_SHA1, but they've been unwilling to explain the details on > how they sign it and what they use to verify. > > So what are the proper way of dealing with this? > You can extract the expected digest using either rsautl or pkeyutl and the public key. If that fails then there is a problem with either the key or the format. If you can successfully extract the digest then you can try various transormations on the input data in an attempt to get the same digest. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
