Trouble verifying a pkg-repo signature manually

John W. O'Brien john at
Sun Feb 9 01:23:38 UTC 2014

On 2/8/14 6:50 PM, John W. O'Brien wrote:
> Hello freebsd-ports@,
> I'm trying to build and maintain my own package repository and
> understand how everything is put together in the process. Right now, I'm
> having trouble understanding how the signatures are made and verified.
> The following should illustrate both the problem I'm having and how I
> think things are supposed to work.
> Testing the signature
> ---------------------
> # cd /tmp/test
> # tar xf /tmp/packages/digests.txz
> # openssl dgst -verify /tmp/keys/ \
>     -signature signature -sha256 digests
> Verification Failure

I think I found out why this doesn't work.

Inside pkg-repo(8), the code that actually generates the signature [0],
signs an ASCII-encoded, zero-terminated [1] representation of the SHA256
digest. I would guess that inside "openssl dgst ... -sha256 ..." the
signature generation and verification are operating on a SHA256 blob
(i.e. unterminated binary).

So, the next best way I've come up with to verify a repo by hand is this:

# openssl rsautl -pubin -inkey /tmp/keys/ \
    -verify -in test_sig -asn1parse
    0:d=0  hl=2 l=  49 cons: SEQUENCE
    2:d=1  hl=2 l=  13 cons:  SEQUENCE
    4:d=2  hl=2 l=   9 prim:   OBJECT            :sha256
   15:d=2  hl=2 l=   0 prim:   NULL
   17:d=1  hl=2 l=  32 prim:  OCTET STRING
      0000 - 7d b0 d6 38 8c 0f 28 53-2a 76 40 4f d6 84 8f 24
}..8..(S*v at O...$
      0010 - e5 0a a1 57 45 ec f1 31-14 aa d0 4c 9a d0 fc 17
# sha256 -q digests

I just visually compare the OCTET STRING to the digest.

[0] rsa_sign()
[2] sha256_hash()

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 535 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-ports mailing list