openssl dgst

April 21, 2020 by Mister PKI

Use the openssl dgst command to output the hash of a given file. The output is in hexadecimal, and the default hash function is sha256, although this can be overridden. md5 and sha1 are both common digest functions that are still routinely found in practice and can be specified in the command if need be.

The openssl dgst command can also be used to generate and verify digital signatures. Read further for openssl dgst examples.

Computing hash values with openssl dgst

To create the message digest or hash of a given file, run the following command:

openssl dgst example.txt

Where example.txt is the given file to be hashed. Because no digest option is given, openssl dgst uses its default hashing algorithm, sha256.

To use openssl to compute the fingerprint of a certificate, things are a bit different. The fingerprint of an X.509 certificate is derived from the certificate in binary form, so running openssl dgst on the pem formatted certificate will not give you the intended value.

To compute the fingerprint of a pem formatted or encoded certificate, run the following command:

openssl x509 -in cert.pem -outform der | openssl dgst

Note that we are piping the output from the pem to der conversion into the openssl dgst command. Pretty cool, right?

Signing a file with openssl dgst

To sign a file and output in binary format with the openssl dgst utility, run the following command:

openssl dgst -sha256 -sign key.pem -out example.txt.sign example.txt

Where -sha256 selects the digest algorithm used to create the signature, -sign key.pem means to sign with the given private key, -out example.txt.sign names the signature file to write, and example.txt is the file to be signed.

To recap this example, use openssl to sign a file with the dgst command; sha256 is the digest used by default.

Verify a signature with openssl dgst

To verify a signature with the openssl dgst utility, run the following command:

openssl dgst -sha256 -verify pubkey.pem -signature example.txt.sign example.txt

Where -sha256 is the digest algorithm, which must match the one used when signing, -verify pubkey.pem means to verify the signature with the given public key, -signature example.txt.sign is the signature file created in the previous step, and example.txt is the file that was signed.

A successful signature verification will show Verified OK.

The same commands also work for digitally signing a PDF and then verifying that signature. To clarify, the digital signature is stored in the separate .sign file and is not embedded in the file that was signed, so both files are necessary to verify the signature with openssl.

For an additional utility that supports PDF signatures on Linux, check out the pdfsig utility.
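
The signing and verification steps above, run end to end as an added example (not code from the original post): it generates a throwaway RSA key, derives pubkey.pem from it, and shows verification failing when the digest option differs from the one used to sign or when the signed file changes. The function names are hypothetical and the file content is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): detached-signature round trip.
# key.pem, pubkey.pem and example.txt follow the article's names; the RSA key
# is a throwaway generated here, and the file content is constructed.

# Generate a private key, then export the public half for verifiers.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out key.pem 2>/dev/null || return 1
    openssl pkey -in key.pem -pubout -out pubkey.pem
}

# sign_file FILE: write the binary signature to FILE.sign (FILE is unchanged).
sign_file() {
    openssl dgst -sha256 -sign key.pem -out "$1.sign" "$1"
}

# verify_file DIGEST FILE: print openssl's verdict; succeed only on "Verified OK".
verify_file() {
    out=$(openssl dgst "-$1" -verify pubkey.pem \
        -signature "$2.sign" "$2" 2>/dev/null) || true
    echo "${out:-no verdict}"
    [ "$out" = "Verified OK" ]
}

# Runs in a subshell so the cd and umask do not leak into the caller.
demo() (
    umask 077                      # keep key.pem private to the current user
    cd "$(mktemp -d)" || exit 1
    printf 'constructed sample content\n' > example.txt
    make_keys && sign_file example.txt || exit 1

    printf 'untouched file, sha256: '; verify_file sha256 example.txt || true
    # The digest given to -verify must match the one used with -sign.
    printf 'untouched file, sha512: '; verify_file sha512 example.txt || true
    # Any change to the signed file invalidates the detached signature.
    printf 'appended line\n' >> example.txt
    printf 'modified file,  sha256: '; verify_file sha256 example.txt || true
)

demo
```

Only the first check reports Verified OK; scripts should test for that exact string or the function's exit status rather than assume success.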
