Digital signatures
In this example we will see how you can use OpenSSL to generate and verify digital signatures.
Generate a digital signature for a file
To generate the digital signature of a file, we will perform the following operations:
Create a key pair and save it to a file:
openssl genrsa -out ./keypair.pem 4096
Extract the public key from the key pair:
openssl rsa -in ./keypair.pem -out ./publickey.pem -outform PEM -pubout
Generate a hash of a file we want to sign:
openssl dgst -ripemd160 < ./snowden.jpg > ./hash1
Using the private key, sign the hash and save it to a file:
openssl rsautl -sign -inkey ./keypair.pem -keyform PEM -in ./hash1 > signature
Verify the digital signature of a file
To check the previously generated signature, you need to perform the following operations:
Create a hash of the file whose signature we want to verify:
openssl dgst -ripemd160 < ./snowden.jpg > ./hash2
Verify the digital signature using the public key:
openssl rsautl -verify -inkey ./publickey.pem -keyform PEM -pubin -in ./signature > verified
Compare the hash recovered from the signature with the newly generated hash:
diff -s ./verified ./hash2
Files ./verified and ./hash2 are identical
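The same sign-and-verify procedure using `openssl dgst -sign` and `-verify`, which hash and sign in one step, with a check that a file modified after signing is rejected. This is an added example, not part of the original page; SHA-256, the 2048-bit key (chosen to keep the demo fast), the function names and the sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): sign and verify in one step
# with `openssl dgst`. SHA-256, the key size, the function names and the
# sample file are assumptions made for this demo.

make_keys() {    # $1 = working directory, $2 = RSA key size in bits
    openssl genrsa -out "$1/keypair.pem" "$2" 2>/dev/null &&
    openssl rsa -in "$1/keypair.pem" -pubout -out "$1/publickey.pem" 2>/dev/null
}

sign_file() {    # $1 = private key, $2 = file to sign, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_file() {  # $1 = public key, $2 = file, $3 = signature
    # Succeeds only when openssl reports "Verified OK" for this file.
    [ "$(openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null)" = "Verified OK" ]
}

demo() {         # returns 0 when the original verifies and the modified copy does not
    dir=$(mktemp -d) || return 1
    printf 'constructed sample content\n' > "$dir/sample.txt"
    if ! { make_keys "$dir" 2048 &&
           sign_file "$dir/keypair.pem" "$dir/sample.txt" "$dir/sample.sig"; }; then
        rm -rf "$dir"; return 1
    fi
    result=1
    if verify_file "$dir/publickey.pem" "$dir/sample.txt" "$dir/sample.sig"; then
        echo "original file: signature valid"
        printf 'x' >> "$dir/sample.txt"    # simulate a change after signing
        if verify_file "$dir/publickey.pem" "$dir/sample.txt" "$dir/sample.sig"; then
            echo "modified file: signature still valid (unexpected)"
        else
            echo "modified file: signature rejected"
            result=0
        fi
    fi
    rm -rf "$dir"
    return "$result"
}

demo
```

A signature produced this way is verified with `-verify`, not with the `rsautl -verify` and `diff` steps above, because the two methods sign different data.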