Notes on Digital Signatures using openssl

Here is a short blog post to understand digital signatures and how public and private keys work.

A digital signature scheme has three parts:

  1. A key generation algorithm, which creates a public-private key pair.
  2. A hashing/signing algorithm. Given a message and a private key, it outputs a signed hash value (the signature): variable-length input, fixed-length output.
  3. A verification algorithm. Given the message, the public key, and the signed hash value, it validates authenticity.

  1. Key generation – To test this, let's create a new folder. Navigate to the new folder and create a file with some text.

File creation

$ echo ThisMessagewillbeEncrypted. > file.txt

Key generation

$ openssl genrsa -out privateKey.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................................+++++
..........................................................................................................................+++++
e is 65537 (0x010001)

#Getting public key out of private key
$ openssl rsa -in privateKey.pem -pubout > publicKey.pem
writing RSA key

Signing the message: given a message and the private key, the hashing/signing function creates a unique signature.

$ openssl dgst -sha256 -sign privateKey.pem -out sha256SignedFile file.txt

Verification: given the message, the public key, and the signed hash value (the signature file), authenticity is verified.

$ openssl dgst -sha256 -verify publicKey.pem -signature sha256SignedFile file.txt
Verified OK
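
The signing and verification steps above, extended as an added example (not from the original post): it checks that verification fails when the file is changed by one byte or when a different public key is used, and that the signature is 256 bytes for a 2048-bit key. The file names, message text and function names are constructed for the demo.

```bash
#!/bin/sh
# Added example: checks around the post's sign/verify commands.
# File names and message text below are constructed for this demo.

# Exit status 0 only if <sig> is a valid SHA-256 signature of <file> under <pubkey>.
verify_sig() {  # usage: verify_sig <pubkey.pem> <sig> <file>
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# Make a 2048-bit RSA key pair: <name>.pem (private) and <name>.pub.pem (public).
make_keypair() {
    openssl genrsa -out "$1.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1.pem" -pubout -out "$1.pub.pem" 2>/dev/null
}

# Prints e.g. "original=ok tampered=fail wrongkey=fail siglen=256".
signature_checks() (
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1

    printf 'this message will be signed.\n' > file.txt
    printf 'this message will be signed!\n' > tampered.txt   # one byte differs
    make_keypair signer || exit 1
    make_keypair other  || exit 1                            # unrelated key pair

    openssl dgst -sha256 -sign signer.pem -out file.sig file.txt || exit 1

    verify_sig signer.pub.pem file.sig file.txt     && a=ok || a=fail
    verify_sig signer.pub.pem file.sig tampered.txt && b=ok || b=fail
    verify_sig other.pub.pem  file.sig file.txt     && c=ok || c=fail

    # RSA signature length equals the modulus size: 2048 bits = 256 bytes,
    # whatever the size of the signed file.
    len=$(wc -c < file.sig | tr -d ' ')

    cd / && rm -rf "$d"
    echo "original=$a tampered=$b wrongkey=$c siglen=$len"
)

signature_checks
```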

Encrypting using public key and decrypting using private key

#current folder contents
$ ls
file.txt  privateKey.pem  publicKey.pem  sha256SignedFile

Encrypting and decrypting file.txt. Note that rsautl is deprecated as of OpenSSL 3.0 in favor of openssl pkeyutl.

$ openssl rsautl -encrypt -in file.txt -out encrypted_file -inkey publicKey.pem  -pubin

#contents of folder now
$ ls
encrypted_file  file.txt  privateKey.pem  publicKey.pem  sha256SignedFile

#Decryption, gives contents of file
$ openssl rsautl -decrypt -in encrypted_file -inkey privateKey.pem
this message will be encrypted.



— By Fabian Darius