erwbgy's ramblings: openssl dgst: unable to load key file

Monday, 21 September 2009

openssl dgst: unable to load key file

For one of our applications we sign some files using an SSL private key:

$ openssl dgst -sha1 -sign signing-key.pem -out filename.sha1 filename

I was getting an error when trying to verify the signatures using the corresponding SSL certificate (signed by the certificate authority):

$ openssl dgst -sha1 -verify signing-cert.pem -signature filename.sha1 filename

unable to load key file

The problem is that you need to use the public key to do the verification, not the certificate. Thankfully it is easy enough to extract the public key from the certificate:

$ openssl x509 -in signing-cert.pem -pubkey -noout > signing-pub.pem

Then verification using the public key works as expected:

$ openssl dgst -sha1 -verify signing-pub.pem -signature filename.sha1 filename

Verified OK

5 comments:

Anonymous4 February 2012 at 22:01
Thank you!
ReplyDelete
Replies
Peter8 June 2012 at 10:58
Thanks.
ReplyDelete
Replies
Debabrat23 January 2016 at 00:08
I have been struggling with the error 'unable to load key file' and came across your post.

It is rally saved my time and life.
ReplyDelete
Replies
Sree Gowtham Josyula14 February 2017 at 12:41
Thanks!!
ReplyDelete
Replies
x86DX27 February 2019 at 16:53
i have same problem... thanks
ReplyDelete
Replies

Add comment

erwbgy's ramblings

Monday, 21 September 2009

openssl dgst: unable to load key file

5 comments:

Labels

Contributors