• 时间:
  • 分类: OpenSSL
  • 阅读:(583)

RSA sign and verify using OpenSSL
创建待签名的文件,公私钥

$ echo abcdefghijklmnopqrstuvwxyz > myfile.txt

生成512位的私钥,这个有点短,现在默认都是使用2048位的私钥了。

$ openssl genrsa -out myprivate.pem 512

从私钥里面生成/得到公钥匙.

$ openssl rsa -in myprivate.pem -pubout > mypublic.pem

查看私钥内容

$ cat myprivate.pem

-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMv7Reawnxr0DfYN3IZbb5ih/XJGeLWDv7WuhTlie//c2TDXw/mW
914VFyoBfxQxAezSj8YpuADiTwqDZl13wKMCAwEAAQJAYaTrFT8/KpvhgwOnqPlk
NmB0/psVdW6X+tSMGag3S4cFid3nLkN384N6tZ+na1VWNkLy32Ndpxo6pQq4NSAb
YQIhAPNlJsV+Snpg+JftgviV5+jOKY03bx29GsZF+umN6hD/AiEA1ouXAO2mVGRk
BuoGXe3o/d5AOXj41vTB8D6IUGu8bF0CIQC6zah7LRmGYYSKPk0l8w+hmxFDBAex
IGE7SZxwwm2iCwIhAInnDbe2CbyjDrx2/oKvopxTmDqY7HHWvzX6K8pthZ6tAiAw
w+DJoSx81QQpD8gY/BXjovadVtVROALaFFvdmN64sw==
-----END RSA PRIVATE KEY-----

使用Openssl命令签名
Message digest algorithm : SHA1
Padding scheme : PCKS#1 v1.5
使用 sha1 摘要 PKCS1 填充 进行签名

$ openssl dgst -sha1 -sign myprivate.pem -out sha1.sign myfile.txt

查看二进制文件

$ hexdump sha1.sign

0000000 91 39 be 98 f1 6c f5 3d 22 da 63 cb 55 9b b0 6a
0000010 93 33 8d a6 a3 44 e2 8a 42 85 c2 da 33 fa cb 70
0000020 80 d2 6e 7a 09 48 37 79 a0 16 ee bc 20 76 02 fc
0000030 3f 90 49 2c 2f 2f b8 14 3f 0f e3 0f d8 55 59 3d
0000040
使用openssl 验签
Openssl decrypts the signature to generate hash and compares it to the hash of the input file.

$ openssl dgst -sha1 -verify mypublic.pem -signature sha1.sign myfile.txt

Verified OK
Referenced from:https://medium.com/@bn121rajesh/rsa-sign-and-verify-using-openssl-behind-the-scene-bf3cac0aade2

本文链接地址:https://const.net.cn/294.html

标签: none

添加新评论