1

I got this signature

openssl verify cert.pem cert.pem: C = US, O = Apple Inc., OU = Apple Certification Authority, CN = Apple Root CA error 18 at 0 depth lookup:self signed certificate OK

Looks good. I got this file, but it then tells me it cannot open the file with this command

openssl rsautl -verify -in receipt2.hex.pkcs7 -pubin -inkey cert.pem -out verified-data.bin unable to load Public Key

What am I missing here?

Improve this question
1
  • Are you encrypting (can't be done with public certificate), or checking a signature (can be done). Commented Sep 17, 2020 at 20:58

1 Answer 1

Reset to default
2

cert.pem is a certificate. A certificate contains a public key, but it is not a public key. You need to extract the public key from the certificate.

openssl x509 -in cert.pem -noout -pubkey -out pubkey.pem openssl rsautl -pubin -inkey pubkey.pem …

Alternatively, use pkeyutl, which has two benefits: it also works on other public key schemes (e.g. ECDSA), and it has an option to extract the public key from the certificate.

openssl pkeyutl -certin -in cert.pem …
Improve this answer
1
  • Thanks Gilles, will test and tick the green box if it solves my problem! Commented Sep 18, 2020 at 5:18

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.