OpenSSL RSA sign and verify howto
Source: Internet  Published: java loader.getparent  Editor: 程序博客网  Time: 2024/06/05 15:33
http://www.codealias.info/technotes/openssl_rsa_sign_and_verify_howto
OpenSSL provides an easy way to sign data using the RSA algorithm. RSA signing provides a robust way to ensure the integrity and authenticity of data.
The RSA signing algorithm
Rather than signing the whole data, we will create a one-way hash of the data using a hash algorithm (e.g. SHA256), sign the hash (this generates the actual signature), then send the data along with the signature.
The receiving end will compute the hash of the data (using the same hash algorithm), then verify the signature using the public key (see Signing messages with RSA).
The following are the detailed steps for signing and verifying data using the RSA algorithm.
Signing data with the RSA algorithm
Step1. Create private/public keypair (optional)
openssl genrsa -out private.pem 1024
This creates a key file called private.pem. This file actually contains both the private and the public key, so you should extract the public one from it:
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
You'll now have public.pem containing just your public key, which you can freely share with third parties.
Step2. Create a hash of the data
echo 'data to sign' > data.txt
openssl dgst -sha256 < data.txt > hash
Step3. Sign the hash using the private key
openssl rsautl -sign -inkey private.pem -keyform PEM -in hash > signature
The file 'signature' and the actual data 'data.txt' can now be communicated to the receiving end. The hash algorithm (in our case SHA256) as well as the public key must also be known to the receiving end.
Authenticate data using the public key
Step4. Create a hash of the data (same as Step 2)
Step5. Verify the signature
openssl rsautl -verify -inkey public.pem -keyform PEM -pubin -in signature > verified
diff -s verified hash
If the content of 'verified' produced by the above command matches the hash generated in Step 2 (in which case the result of the diff command would be 'Files verified and hash are identical'), then the signature is considered authentic and the integrity/authenticity of the data is proven.
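The same round trip using `openssl dgst -sign` and `-verify`, which hash the file and produce a standard PKCS#1 v1.5 signature in one step, plus a modified copy of the data to show verification failing. This is an added example, not part of the original howto; the function names, the 2048-bit key size and tampered.txt are assumptions of the example.

```shell
#!/bin/sh
# Added example: sign and verify with `openssl dgst`, which hashes the file
# and emits a standard PKCS#1 v1.5 SHA-256 signature in a single step.
# File names follow the howto; the 2048-bit key and tampered.txt are
# assumptions made for this example.

# make_keys <dir>: create private.pem and public.pem in <dir>
make_keys() {
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# sign_file <private key> <data file> <signature file>
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file <public key> <data file> <signature file>
# Exit status is 0 only if the signature matches both the data and the key.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# demo: prints one line per check, returns 0 when both behave as expected
demo() {
    d=$(mktemp -d) || return 1
    make_keys "$d" || { rm -rf "$d"; return 1; }
    echo 'data to sign' > "$d/data.txt"
    echo 'data to sign!' > "$d/tampered.txt"   # constructed: one byte added
    sign_file "$d/private.pem" "$d/data.txt" "$d/signature" || { rm -rf "$d"; return 1; }

    rc=0
    if verify_file "$d/public.pem" "$d/data.txt" "$d/signature"; then
        echo "data.txt: signature valid"
    else
        echo "data.txt: signature INVALID"; rc=1
    fi
    if verify_file "$d/public.pem" "$d/tampered.txt" "$d/signature"; then
        echo "tampered.txt: signature valid (unexpected)"; rc=1
    else
        echo "tampered.txt: signature rejected"
    fi
    rm -rf "$d"
    return $rc
}

demo
```

The receiver should act on the exit status of the verify command rather than on its printed text.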