Verifying -sha256 signature using OpenSSL

Question

Maven checksum plugin generated 2 files for me:

Schedule.war
Schedule.war.sha256

On our Windows 2008 R2 production machine we only have OpenSSL, so I thought about using OpenSSL to verify signature against the war file. We are not allowed to install any other software.

SO far I got it to print out the on CMD hash of war file but not verify.

Can someone help me with the command to also verify?

This is what I have so far:

C:\Users\Administrator>openssl dgst -sha256 -signature Schedule.war.sha256 Schedule.war
SHA256(Schedule.war)= 3t4g5h6j7kf72333c2894f2942b7b5871d844b25576f7f6fif8fnf8e8w8e5

Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. Also see Where do I post questions about Dev Ops? — jww
– jww, Commented Nov 10, 2016 at 18:30

Angelina · Accepted Answer · 2016-11-10 19:27:06Z

1

I just went with:

openssl dgst -sha256 Schedule.war
SHA256(Schedule.war)= 3t4g5h6j7kf72333c2894f2942b7b5871d844b25576f7f6fif8fnf8e8w8e5

And manually open .sha256 file and compare.

answered Nov 10, 2016 at 19:27

Angelina

2,28512 gold badges47 silver badges92 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

Verifying -sha256 signature using OpenSSL

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related