-
Signing data with the RSA algorithm
-
Step1. Create private/public keypair (optional)
openssl genrsa -out private.pem 1024 >private.pem
This creates a key file called private.pem. This file actually have both the private and public keys, so you should extract the public one from this file:
openssl rsa -in private.pem -out public.pem -outform PEM -pubout >public.pem
You‘ll now have public.pem containing just your public key, you can freely share this with 3rd parties.
-
Step2. Create a hash of the data
echo ‘data to sign‘ > data.txt openssl dgst -md5 data.txt >data‘s md5 code
-
Step3. Sign the hash using the private key
openssl rsautl -sign -inkey private.pem -keyform PEM -md5 -out data.sign data.txt > signature
The file ‘signature‘ and the actual data ‘data.txt‘ can now be communicated to the receiving end. The hash algorithm (in our case md5) as well as the public key must also be known to the receiving end.
-
Authenticate data using the public key
-
Step4. Create a hash of the data (same as Step 2)
-
Step5. Verify the signature
openssl rsautl -verify -inkey public.pem -keyform PEM -pubin -md5 -signature -signature data.sign data.txt > verified
diff -s verified hash
If the result of the above command ‘verified‘ matches the hash generated in Step 3.1 (in which case you the result of the diff command would be ‘Files verified and hash are identical‘) then the signature is considered authentic and the integrity/authenticity of the data is proven.
时间: 2024-08-06 22:13:47