Monday, 21 September 2009

openssl dgst: unable to load key file

For one of our applications we sign some files using an SSL private key:

$ openssl dgst -sha1 -sign signing-key.pem -out filename.sha1 filename

I was getting an error when trying to verify the signatures using the corresponding SSL certificate (signed by the certificate authority):

$ openssl dgst -sha1 -verify signing-cert.pem -signature filename.sha1 filename
unable to load key file

The problem is that you need to use the public key to do the verification, not the certificate. Thankfully it is easy enough to extract the public key from the certificate:

$ openssl x509 -in signing-cert.pem -pubkey -noout > signing-pub.pem

Then verification using the public key works as expected:

$ openssl dgst -sha1 -verify signing-pub.pem -signature filename.sha1 filename
Verified OK

Posted by at

4 comments:

  1. Anonymous4 February 2012 at 22:01

    Thank you!

    ReplyDelete
  2. Peter8 June 2012 at 10:58

    Thanks.

    ReplyDelete
  3. Debabrat23 January 2016 at 00:08

    I have been struggling with the error 'unable to load key file' and came across your post.

    It is rally saved my time and life.

    ReplyDelete
  4. Sree Gowtham Josyula14 February 2017 at 12:41

    Thanks!!

    ReplyDelete

Subscribe to: Post Comments (Atom)

Labels