# Sign and verify data

The RSA verification process is similar to the RSA encryption/decryption process, with one major difference.

We sign the data with a private key and verify with a public key.

This way a public key verifies the authenticity of a message signed by a secret private key.

Create a key:

First let’s generate a random 2048-bit RSA key pair (put xoxo for the password).

The `-des3` option encrypts the key with the DES3 symmetric-key block cipher:
`$ openssl genrsa -des3 -out xo_private.pem 2048`

Extract the public key in the PEM format.
`$ openssl rsa -in xo_private.pem -outform PEM -pubout -out xo_public.pem`

Sign:

Here is where it gets a little tricky.

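The `-raw` option forces `rsautl` not to use any padding. Unpadded RSA like this is good for seeing the mechanics; real-world signatures hash the message and apply a padding scheme such as PKCS#1 v1.5 or PSS.

So the input data must be exactly 256 characters (bytes) long, the size of the 2048-bit key, and its value must be numerically smaller than the key's modulus.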
`$ openssl rsautl -sign -raw -inkey xo_private.pem -in xo_data.bin -out xo_signed.bin`

Verify:

`$ openssl rsautl -verify -raw -hexdump -inkey xo_public.pem -pubin -in xo_signed.bin -out xo_verified.hex`
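The three steps above as one non-interactive round trip, added here as an example (not from the original post). It passes the xoxo passphrase with `-passout`/`-passin`; the function names, the zero left-padding of the message and the `xo_verified.bin` output name are assumptions of this example.

```shell
#!/bin/sh
# Added example: raw RSA sign/verify round trip with the post's file names.
# KEY_BYTES, the function names and xo_verified.bin are assumptions.
# Usage: d=$(mktemp -d); roundtrip "$d" "hello xoxo" && echo "signature verified"
KEY_BYTES=256   # 2048-bit modulus = 256 bytes

# make_block <message> <outfile>
# Left-pad the message with zero bytes to exactly KEY_BYTES. The leading zero
# byte also keeps the value numerically below the modulus, which raw RSA needs.
make_block() {
  len=$(( $(printf '%s' "$1" | wc -c) ))
  [ "$len" -lt "$KEY_BYTES" ] || return 1
  { head -c $((KEY_BYTES - len)) /dev/zero; printf '%s' "$1"; } > "$2"
}

# make_keys <workdir>: encrypted private key plus extracted public key.
make_keys() {
  openssl genrsa -des3 -passout pass:xoxo -out "$1/xo_private.pem" 2048 &&
  openssl rsa -in "$1/xo_private.pem" -passin pass:xoxo \
    -outform PEM -pubout -out "$1/xo_public.pem"
}

# sign_raw <workdir> <infile> <outfile>: unpadded private-key operation.
sign_raw() {
  openssl rsautl -sign -raw -inkey "$1/xo_private.pem" -passin pass:xoxo \
    -in "$2" -out "$3"
}

# roundtrip <workdir> <message>: succeeds only if verify recovers the block.
roundtrip() {
  make_keys "$1" && make_block "$2" "$1/xo_data.bin" &&
  sign_raw "$1" "$1/xo_data.bin" "$1/xo_signed.bin" &&
  openssl rsautl -verify -raw -inkey "$1/xo_public.pem" -pubin \
    -in "$1/xo_signed.bin" -out "$1/xo_verified.bin" &&
  cmp -s "$1/xo_data.bin" "$1/xo_verified.bin"
}

# short_block_rejected <workdir>: a 9-byte input must fail under -raw.
short_block_rejected() {
  printf 'too short' > "$1/short.bin"
  ! sign_raw "$1" "$1/short.bin" "$1/short.sig" 2>/dev/null
}
```

On OpenSSL 3.x `rsautl` prints a deprecation notice pointing to `pkeyutl` but still runs.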

Here is a simple way to convert a hex string into ASCII:

`$ xxd -r -p xo_data.hex xo_data.txt`

And ASCII to hex (`-i` prints the bytes as a C array; `-p` prints a plain hex string):

`$ xxd -i xo_data.txt`
