Sign and Verify
Signature
- signature = private key encrypted hash
- verify = decrypt signature and compare with hash
- don’t use for messaging (replay attack) → better gnupg
Code
# data
date > data.txt
# keys
openssl genrsa -out private.pem
openssl rsa -in private.pem -pubout > public.pem
# sign and verify with dgst
openssl dgst -sha256 -sign private.pem data.txt > signature
openssl dgst -sha256 -verify public.pem -signature signature data.txt
# create hash from data
openssl dgst -sha256 -binary < data.txt > hash
# sign and verify with pkeyutl
openssl pkeyutl -in hash -sign -inkey private.pem -pkeyopt digest:sha256 > signature
openssl pkeyutl -in hash -verify -pubin -inkey public.pem -pkeyopt digest:sha256 -sigfile signature
# sign and verify with gnupg
gpg --output signature --detach-sig data.txt
gpg --verify signature data.txt