Signing and Verification helps with both the integrity and authenticity.
What is digest?
The digest is a kind of "verifier" calculated from the data blob by using a hash algorithm like sha256.
The digest is actually the data which will be used to generate the signature.
What is signature?
Shortly, the signature is protected version of the digest. At this points, keys join the process.
What is verification?
Verification process is briefly comparing the calculated hash with the decrypted signature using the public key.
Asymmetric Signing and Verification using OpenSSL Terminal
- Calculation of the digest with sha256:
To have binary formatted digest, use -binary option as below:
openssl dgst -sha256 -binary input.data > digest
To have a hex formatted digest, use -hex option as below:
openssl dgst -sha256 -hex input.data > digest - Generation of the key pair based on using the RSA-4096:
To generate 4096 bit length private key:
openssl genrsa -out priv_rsa_key.pem 4096
Extract pub-key from it:
openssl rsa -in priv_rsa_key.pem -pubout > pub_rsa_key.pem
RSA priv key and pub key structure:
-----BEGIN RSA PRIVATE KEY-----
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
-----END RSA PUBLIC KEY-----
To see the all components of the priv key, execute the command below:
openssl rsa -in priv_rsa_key.pem -noout -text
- Signing and verification:
openssl dgst -binary -sign priv-key.pem -keyform PEM -sha256 -out input.data.sign input.data
dgst: To calculate the digest of the data.
-binary: To have binary formatted digest.
-sign priv-key.pem : To sign the calculated digest using the priv-key.pm
-keyform PEM : Key format of the private key.
-sha256: The hash function used to calculate the digest.
-out input.data.sign: The file to store the signature.
input.data: The name of the input file.
openssl dgst -binary -verify key.pub -keyform PEM -sha256 -signature data.zip.sign data.zip
dgst: To calculate the digest of the data.
-binary: To have binary formatted digest.
-verify key.pub : To verify the calculated digest using the priv-key.pm
-keyform PEM : Key format of the private key.
-sha256: The hash function used to calculate the digest.
-out input.data.sign: The name of the output file.
input.data: The name of the input file.