Split out certificate creation; handle verification properly.

author: Rob Austein <sra@hactrn.net> 2016-08-21 15:40:34 -0400
committer: Rob Austein <sra@hactrn.net> 2016-08-21 15:40:34 -0400
commit: f110c617c706e3a0b21daf29802e44668e202740 (patch)
tree: bcf8f0e8fa9f3618215816e4d3d3a2170e3dbd4b /basic-signature.sh
parent: 3c65389a9c1473595ac9a7e315ccde42a0ee008c (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/basic-signature.sh b/basic-signature.sh
index 16b663a..48b1b93 100755
--- a/basic-signature.sh
+++ b/basic-signature.sh
@@ -4,5 +4,9 @@
 
 set -x
 
-openssl dgst -keyform ENGINE -sha256 -engine pkcs11 -sign   label_boris -out       message.sig message.txt
-openssl dgst -keyform ENGINE -sha256 -engine pkcs11 -verify label_boris -signature message.sig message.txt
+openssl dgst -sha256 -keyform ENGINE -engine pkcs11 -sign label_boris -out message.sig message.txt
+
+openssl verify -CAfile leader.cer boris.cer
+
+openssl x509 -noout -in boris.cer -pubkey |
+openssl dgst -sha256 -verify /dev/stdin -signature message.sig message.txt
author	Rob Austein <sra@hactrn.net>	2016-08-21 15:40:34 -0400
committer	Rob Austein <sra@hactrn.net>	2016-08-21 15:40:34 -0400
commit	f110c617c706e3a0b21daf29802e44668e202740 (patch)
tree	bcf8f0e8fa9f3618215816e4d3d3a2170e3dbd4b /basic-signature.sh
parent	3c65389a9c1473595ac9a7e315ccde42a0ee008c (diff)