Verifying installation image

Started by bleetube, December 22, 2023, 09:16:03 PM

My sha256sum matches, but I'm not getting the warm and fuzzy "Verified OK" message. What am I doing wrong?


$ openssl version
OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)

$ openssl sha256 OPNsense-23.7-serial-amd64.img.bz2
SHA2-256(OPNsense-23.7-serial-amd64.img.bz2)= 03c774f53520414c73cdcaa4fe3b34c4165395963bef74c533c3878a07b80138

$ openssl base64 -d -in OPNsense-23.7.pub.sig -out /tmp/image.sig
$ openssl dgst -sha256 -verify OPNsense-23.7.pub -signature /tmp/image.sig OPNsense-23.7-serial-amd64.img.bz2
Verification failure
40D75B6DA27F0000:error:02000068:rsa routines:ossl_rsa_verify:bad signature:crypto/rsa/rsa_sign.c:430:
40D75B6DA27F0000:error:1C880004:Provider routines:rsa_verify:RSA lib:providers/implementations/signature/rsa_sig.c:788:

It looks like maybe you have used the wrong file to decrypt the hash. In other words you have
openssl base64 -d -in OPNsense-23.7.pub.sig   -out /tmp/image.sig
when you should instead have:
openssl base64 -d -in OPNsense-<filename>.sig -out /tmp/image.sig
Notice the difference: it should be -in <filename>.sig and you have <filename>.pub.sig.
Try with that and see how it goes.


$ openssl base64 -d -in OPNsense-23.7-serial-amd64.img.bz2.sig -out /tmp/image.sig
$ openssl dgst -sha256 -verify OPNsense-23.7.pub -signature /tmp/image.sig OPNsense-23.7-serial-amd64.img.bz2
Verified OK


Whew. Okay, thanks!
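
The two openssl steps from this thread wrapped into a fail-closed function, as an added example that is not part of any post above. It assumes the signature for an image is named `<image>.sig`, and it is exercised on constructed data only (a throwaway RSA key and dummy files); `verify_image` and `make_demo` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Fail-closed wrapper around the two
# openssl steps used above. Assumption: the signature for FILE is FILE.sig.

# verify_image PUBKEY FILE [SIG] -> returns 0 only if the signature verifies,
# 1 on a bad signature, 2 if an input file is missing.
verify_image() {
    pub=$1; file=$2; sig=${3:-$file.sig}
    for f in "$pub" "$file" "$sig"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
    done
    raw=$(mktemp) || return 2
    # Step 1: the .sig file is base64 text; decode it to the raw signature.
    # Step 2: check the SHA-256 digest of FILE against it with the public key.
    if openssl base64 -d -in "$sig" -out "$raw" &&
       openssl dgst -sha256 -verify "$pub" -signature "$raw" "$file" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$raw"
    return "$rc"
}

# make_demo: builds constructed test data in a temp dir and prints its path.
# Throwaway key and dummy files only; nothing here is OPNsense material.
make_demo() {
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/demo.key" 2>/dev/null || return 1
    openssl pkey -in "$d/demo.key" -pubout -out "$d/demo.pub" || return 1
    printf 'constructed image contents\n' > "$d/demo.img.bz2"
    # Signature over the image, stored base64-encoded as demo.img.bz2.sig
    openssl dgst -sha256 -sign "$d/demo.key" -out "$d/img.raw" "$d/demo.img.bz2" &&
        openssl base64 -in "$d/img.raw" -out "$d/demo.img.bz2.sig" || return 1
    # Valid signature over a different file, named like the thread's .pub.sig
    openssl dgst -sha256 -sign "$d/demo.key" -out "$d/pub.raw" "$d/demo.pub" &&
        openssl base64 -in "$d/pub.raw" -out "$d/demo.pub.sig" || return 1
    echo "$d"
}
```

Called as `verify_image OPNsense-23.7.pub OPNsense-23.7-serial-amd64.img.bz2`, it picks up the matching `.sig` on its own, so the file mix-up from the first post cannot happen silently.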