Monday, 21 September 2009

openssl dgst: unable to load key file

For one of our applications we sign some files using an SSL private key:

$ openssl dgst -sha1 -sign signing-key.pem -out filename.sha1 filename

I was getting an error when trying to verify the signatures using the corresponding SSL certificate (signed by the certificate authority):

$ openssl dgst -sha1 -verify signing-cert.pem -signature filename.sha1 filename
unable to load key file

The problem is that the -verify option needs the public key to do the verification, not the certificate. Thankfully it is easy enough to extract the public key from the certificate:

$ openssl x509 -in signing-cert.pem -pubkey -noout > signing-pub.pem

Then verification using the public key works as expected:

$ openssl dgst -sha1 -verify signing-pub.pem -signature filename.sha1 filename
Verified OK
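
The whole sequence can be reproduced end to end with a throwaway key. This is an added example, not part of the original post: the file names mirror the ones above, the key, certificate (self-signed here, subject demo-signer) and payload are constructed, and -sha256 is assumed in place of -sha1.

```shell
#!/bin/sh
# Added example. File names mirror the post; the key, certificate and payload
# are constructed throwaway data. -sha256 is used instead of the post's -sha1.
demo_sign_verify() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Throwaway RSA key plus self-signed certificate (constructed).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-signer" \
            -keyout signing-key.pem -out signing-cert.pem 2>/dev/null || exit 1
        printf 'constructed sample payload\n' > filename
        openssl dgst -sha256 -sign signing-key.pem \
            -out filename.sig filename || exit 1

        # 1. Certificate passed to -verify: rejected, as described in the post.
        if openssl dgst -sha256 -verify signing-cert.pem \
            -signature filename.sig filename >/dev/null 2>&1
        then r1=cert-accepted; else r1=cert-rejected; fi

        # 2. Public key extracted from the certificate: verification succeeds.
        openssl x509 -in signing-cert.pem -pubkey -noout > signing-pub.pem || exit 1
        if openssl dgst -sha256 -verify signing-pub.pem \
            -signature filename.sig filename >/dev/null 2>&1
        then r2=verified-ok; else r2=verify-failed; fi

        # 3. A modified file must fail against the same signature.
        printf 'extra byte\n' >> filename
        if openssl dgst -sha256 -verify signing-pub.pem \
            -signature filename.sig filename >/dev/null 2>&1
        then r3=tamper-missed; else r3=tamper-detected; fi

        echo "$r1 $r2 $r3"
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_sign_verify
```

Verified OK only shows that the file matches the key in signing-pub.pem. Check the certificate against your CA first (openssl verify -CAfile with your CA bundle) so that the extracted key is one you actually trust.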

4 comments:

  1. I have been struggling with the error 'unable to load key file' and came across your post.

    It really saved my time and life.
