From f110c617c706e3a0b21daf29802e44668e202740 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 21 Aug 2016 15:40:34 -0400
Subject: Split out certificate creation; handle verification properly.

---
 basic-signature.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'basic-signature.sh')

diff --git a/basic-signature.sh b/basic-signature.sh
index 16b663a..48b1b93 100755
--- a/basic-signature.sh
+++ b/basic-signature.sh
@@ -4,5 +4,9 @@
 
 set -x
 
-openssl dgst -keyform ENGINE -sha256 -engine pkcs11 -sign   label_boris -out       message.sig message.txt
-openssl dgst -keyform ENGINE -sha256 -engine pkcs11 -verify label_boris -signature message.sig message.txt
+openssl dgst -sha256 -keyform ENGINE -engine pkcs11 -sign label_boris -out message.sig message.txt
+
+openssl verify -CAfile leader.cer boris.cer
+
+openssl x509 -noout -in boris.cer -pubkey |
+openssl dgst -sha256 -verify /dev/stdin -signature message.sig message.txt
-- 
cgit v1.2.3