openssl

Sign and verify data

The RSA signing and verification process is similar to RSA encryption/decryption, with one major difference.

We sign the data with the private key and verify the signature with the public key.

This way a public key verifies the authenticity of a message signed by the secret private key.

Create a key:

First, let's generate a random 2048-bit RSA key pair (enter xoxo as the password when prompted).

The -des3 option encrypts the private key file with the Triple DES (3DES) symmetric-key block cipher:

$ openssl genrsa -des3 -out xo_private.pem 2048

Extract the public key in PEM format:

$ openssl rsa -in xo_private.pem -outform PEM -pubout -out xo_public.pem

Sign:

Here is where it gets a little tricky.

The -raw option forces rsautl not to use any padding, so the input data must be exactly 256 bytes long (the modulus size of a 2048-bit key), and the block read as a big integer must be smaller than the modulus, otherwise openssl refuses it. Raw signing is textbook RSA with no hash and no padding; outside a demo like this, sign a digest with a padded scheme (for example openssl dgst -sha256 -sign).

$ openssl rsautl -sign -raw -inkey xo_private.pem -in xo_data.bin -out xo_signed.bin

Verify:

The -hexdump option writes the recovered 256-byte block as a hex dump instead of raw bytes:

$ openssl rsautl -verify -raw -hexdump -inkey xo_public.pem -pubin -in xo_signed.bin -out xo_verified.hex
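The whole procedure above, scripted end to end, as an added example that is not the post's own script. It assumes openssl and xxd-style tools are on the PATH (it exits quietly if openssl is missing), uses the post's xoxo passphrase via -passout/-passin so nothing is prompted, and adds the one step the post leaves to the reader: padding the message with spaces to exactly 256 bytes. Printable ASCII keeps the leading byte below 0x80, so the block as an integer stays below the modulus. The file names and the sample message are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): raw-RSA sign/verify round trip with openssl.
command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping demo" >&2; exit 0; }
set -e

WORK="${TMPDIR:-/tmp}/rsa_raw_demo.$$"   # scratch directory, removed on exit
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

KEYSIZE=2048
BLOCK=$((KEYSIZE / 8))   # 256: raw mode needs exactly one modulus-sized block
PASS="pass:xoxo"         # same passphrase the post uses, passed non-interactively

# Step 1 and 2 of the post: encrypted private key, then the public key in PEM.
make_keys() {
  openssl genrsa -des3 -passout "$PASS" -out "$WORK/xo_private.pem" "$KEYSIZE" 2>/dev/null
  openssl rsa -in "$WORK/xo_private.pem" -passin "$PASS" -outform PEM -pubout \
    -out "$WORK/xo_public.pem" 2>/dev/null
}

# Pad (or truncate) a message to exactly BLOCK bytes. Spaces and ASCII text keep the
# first byte < 0x80, so the block is numerically smaller than the modulus, whose top
# bit is always set; a block >= n is rejected with "data too large for modulus".
pad_block() {
  printf "%-${BLOCK}s" "$1" | head -c "$BLOCK"
}

# Step 3 of the post: sign with no padding. $1 = input block, $2 = signature file.
sign_raw() {
  openssl rsautl -sign -raw -inkey "$WORK/xo_private.pem" -passin "$PASS" \
    -in "$1" -out "$2" 2>/dev/null
}

# Step 4 of the post: recover the block with the public key. $1 = signature, $2 = output.
verify_raw() {
  openssl rsautl -verify -raw -inkey "$WORK/xo_public.pem" -pubin \
    -in "$1" -out "$2" 2>/dev/null
}

# Returns 0 when the recovered block matches the padded input byte for byte.
round_trip() {
  pad_block "$1" > "$WORK/xo_data.bin"
  [ "$(wc -c < "$WORK/xo_data.bin" | tr -d ' ')" -eq "$BLOCK" ] || return 1
  sign_raw "$WORK/xo_data.bin" "$WORK/xo_signed.bin"
  verify_raw "$WORK/xo_signed.bin" "$WORK/xo_verified.bin"
  cmp -s "$WORK/xo_data.bin" "$WORK/xo_verified.bin"
}

# Raw mode has no padding to fix up a short input: anything but BLOCK bytes is refused.
wrong_length_rejected() {
  printf 'too short' > "$WORK/short.bin"
  ! sign_raw "$WORK/short.bin" "$WORK/short.sig"
}

# Stand-alone run: a constructed sample message.
if [ "${DEMO_MAIN:-1}" = "1" ]; then
  make_keys
  round_trip "hello, raw RSA" && echo "round trip OK: recovered block equals padded input"
  wrong_length_rejected && echo "short input correctly rejected in raw mode"
fi
```

To inspect the recovered block the way the post does, run the verify step with -hexdump instead of writing the raw bytes, or pipe xo_verified.bin through xxd.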

Here is a simple way to convert a plain hex string into ASCII:

$ xxd -r -p xo_data.hex xo_data.txt

And ASCII to hex (-i emits a C array; use xxd -p instead for the plain hex string that -r -p above reads back):

$ xxd -i xo_data.txt
