Why are the RSA signatures I generate with openssl and golang different?

Question

I use openssl command to sign the message \"Test.\", output with hexdump

# echo \"Test.\" | openssl rsautl -inkey privite.key -sign -hexdump
0000 - 09 1b ce          


        

Answer 1

In addition to the newline added by echo described in helmbert’s answer, the OpenSSL rsautl command operates directly on the supplied data, while the Go code first hashes the data with SHA256 and then signs the resulting digest.

To perform the same as the Go code with OpenSSL, you can use the dgst command with the -sign option (note I’ve included the -n option to echo here too):

$ echo -n "Test." | openssl dgst -sha256 -sign private.key -hex
52e1cce3810c1a89693cf6965d1035618820a9e3a7b95203d885c4153dc3f7424b98e3ba628a186f1074d672bb59a1c0788a9c2064951ca2326eb1bf8e3e49e9

To go the other way and sign the raw message without hashing in Go code, you can pass 0 as the value of the hash argument to rsa.SignPKCS1v15:

indata := []byte("Test.")

s, err := rsa.SignPKCS1v15(nil, privKey, 0, indata)