标签:openssl signature rsa encrypt decrypt
openssl genrsa -out private.pem 1024 >private.pem
This creates a key file called private.pem. This file actually have both the private and public keys, so you should extract the public one from this file:
openssl rsa -in private.pem -out public.pem -outform PEM -pubout >public.pem
You‘ll now have public.pem containing just your public key, you can freely share this with 3rd parties.
echo ‘data to sign‘ > data.txt openssl dgst -md5 data.txt >data‘s md5 code
openssl rsautl -sign -inkey private.pem -keyform PEM -md5 -out data.sign data.txt > signature
The file ‘signature‘ and the actual data ‘data.txt‘ can now be communicated to the receiving end. The hash algorithm (in our case md5) as well as the public key must also be known to the receiving end.
openssl rsautl -verify -inkey public.pem -keyform PEM -pubin -md5 -signature -signature data.sign data.txt > verified
diff -s verified hash
If the result of the above command ‘verified‘ matches the hash generated in Step 3.1 (in which case you the result of the diff command would be ‘Files verified and hash are identical‘) then the signature is considered authentic and the integrity/authenticity of the data is proven.
本文出自 “Mr_Computer” 博客,请务必保留此出处http://caochun.blog.51cto.com/4497308/1559636
标签:openssl signature rsa encrypt decrypt
原文地址:http://caochun.blog.51cto.com/4497308/1559636
