Java SHA1WithRSA using openssl command line

Question

I have the following piece of Java code that I would like to convert to a shell script using openssl command line tool:

java.security.Signature sig = java.security.Signature.getInstance("SHA1WithRSA");
sig.initSign(privateKey);
sig.update(data);
byte[] signatureBytes = sig.sign();

So far I have tried the following:

openssl dgst -sha1 -binary < data.der > data.hash
openssl rsautl -sign -inkey private.key -keyform pem -in data.hash -out data.rsa

However it does not produce the same output. I guess it might have something to do with formats or padding etc. What do I need to do to correct the openssl script?

Both codes above produce a repeatable result but the result is different between java and the openssl shell script.

All suggestions are appreciated.

Kind regards Jens

Answer 1

I actually found the answer myself at last.

The following openssl command will perform SHA1WithRSA and generates the same result as the Java code:

openssl sha1 -sign private.key -out data.rsa data.der

As simple as that, but it was quite hard to find on the web