Notes on Digital Signatures using openssl
Here is a short blog post to understand digital signatures and how public and private keys work.
A digital signature scheme has three parts:
1. A key generation algorithm, which creates a public-private key pair.
2. A hashing/signing algorithm. When a message and a private key are given as input, this produces a signed hash value (the signature) as output. Variable-length input, fixed-length output.
3. A verification algorithm. When the message, the public key, and the signature are given, this validates the authenticity.
- Key generation – To test this, let's create a new folder. Navigate to the new folder and create a file with some text.
File creation
echo ThisMessagewillbeEncrypted. > file.txt
Key generation
$ openssl genrsa -out privateKey.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................................+++++
..........................................................................................................................+++++
e is 65537 (0x010001)
#Getting public key out of private key
$ openssl rsa -in privateKey.pem -pubout > publicKey.pem
writing RSA key
Signing the message: given a message and the private key, the signing step hashes the message with SHA-256 and creates a unique signature.
$ openssl dgst -sha256 -sign privateKey.pem -out sha256SignedFile file.txt
Verification: with the message, the public key, and the signature, authenticity is verified.
$ openssl dgst -sha256 -verify publicKey.pem -signature sha256SignedFile file.txt
Verified OK
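The script below is an added example, not part of the original post. It repeats the sign and verify steps above in a temporary directory and goes one step further, checking that verification fails when the message is changed after signing or when a public key from a different key pair is used. File names follow the post; the function names, tampered.txt, otherKey.pem and otherPub.pem are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: file names follow the post; function names and the
# temporary directory are assumptions made for this demo.

# Create a message, an RSA key pair and a SHA-256 signature in directory $1.
setup_signed_file() {
    echo "this message will be encrypted." > "$1/file.txt"
    openssl genrsa -out "$1/privateKey.pem" 2048 2>/dev/null
    openssl rsa -in "$1/privateKey.pem" -pubout -out "$1/publicKey.pem" 2>/dev/null
    openssl dgst -sha256 -sign "$1/privateKey.pem" \
        -out "$1/sha256SignedFile" "$1/file.txt"
}

# Print "ok" if signature $2 over file $3 verifies under public key $1,
# otherwise "fail". openssl exits non-zero on "Verification Failure".
check_signature() {
    if openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
    then echo ok
    else echo fail
    fi
}

# Run the three cases and print their results on one line.
run_demo() {
    d=$(mktemp -d)
    setup_signed_file "$d"

    # Case 1: original message, matching public key.
    r1=$(check_signature "$d/publicKey.pem" "$d/sha256SignedFile" "$d/file.txt")

    # Case 2: one word of the message changed after signing.
    sed 's/encrypted/decrypted/' "$d/file.txt" > "$d/tampered.txt"
    r2=$(check_signature "$d/publicKey.pem" "$d/sha256SignedFile" "$d/tampered.txt")

    # Case 3: original message, but a public key from a different key pair.
    openssl genrsa -out "$d/otherKey.pem" 2048 2>/dev/null
    openssl rsa -in "$d/otherKey.pem" -pubout -out "$d/otherPub.pem" 2>/dev/null
    r3=$(check_signature "$d/otherPub.pem" "$d/sha256SignedFile" "$d/file.txt")

    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

run_demo
```

The three words printed correspond to the three cases in order. In a script, branch on the exit status of openssl dgst -verify, as check_signature does, rather than on the printed text.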
Encrypting using the public key and decrypting using the private key
#current folder contents
$ ls
file.txt privateKey.pem publicKey.pem sha256SignedFile
Encrypting and Decrypting file.txt
$ openssl rsautl -encrypt -in file.txt -out encrypted_file -inkey publicKey.pem -pubin
#contents of folder now
$ ls
encrypted_file file.txt privateKey.pem publicKey.pem sha256SignedFile
#Decryption, gives contents of file
$ openssl rsautl -decrypt -in encrypted_file -inkey privateKey.pem
this message will be encrypted.
References: 1. Blog Post by @bn121rajesh 2. Digital Signatures
— By Fabian Darius