Sign and verify a file using OpenSSL command line tool. It exports the digital signature in Base64 format.
#!/bin/bash
# Sign a file with a private key using OpenSSL
# Encode the signature in Base64 format
#
# Usage: sign <file> <private_key>
#
# NOTE: to generate a public/private key use the following commands:
#
# openssl genrsa -aes128 -passout pass:<passphrase> -out private.pem 2048
# openssl rsa -in private.pem -passin pass:<passphrase> -pubout -out public.pem
#
# where <passphrase> is the passphrase to be used.
filename=$1
privatekey=$2
if [[ $# -lt 2 ]] ; then
    echo "Usage: sign <file> <private_key>"
    exit 1
fi
# Use an unpredictable temporary file rather than /tmp/$filename.sha256: that
# path breaks when <file> contains a directory and can be pre-created by
# another local user.
tmpsig=$(mktemp) || exit 1
trap 'rm -f "$tmpsig"' EXIT
# Create the raw SHA-256 signature, then Base64-encode it into signature.sha256
openssl dgst -sha256 -sign "$privatekey" -out "$tmpsig" "$filename" || exit 1
openssl base64 -in "$tmpsig" -out signature.sha256

#!/bin/bash
# Verify a file with a public key using OpenSSL
# Decode the signature from Base64 format
#
# Usage: verify <file> <signature> <public_key>
#
# NOTE: to generate a public/private key use the following commands:
#
# openssl genrsa -aes128 -passout pass:<passphrase> -out private.pem 2048
# openssl rsa -in private.pem -passin pass:<passphrase> -pubout -out public.pem
#
# where <passphrase> is the passphrase to be used.
filename=$1
signature=$2
publickey=$3
if [[ $# -lt 3 ]] ; then
    echo "Usage: verify <file> <signature> <public_key>"
    exit 1
fi
# Decode the Base64 signature into an unpredictable temporary file
tmpsig=$(mktemp) || exit 1
trap 'rm -f "$tmpsig"' EXIT
openssl base64 -d -in "$signature" -out "$tmpsig" || exit 1
# Last command, so the script's exit status is the verification result
# (non-zero when the signature does not match)
openssl dgst -sha256 -verify "$publickey" -signature "$tmpsig" "$filename"
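
An added round-trip example (not part of the original gist): it signs a constructed file with the same `openssl dgst` and `openssl base64` calls as the scripts above, then checks that verification succeeds for the untouched file and fails after a one-byte change. The function names, the throwaway unencrypted key pair and the sample payload are assumptions made for the demonstration.

```shell
#!/bin/bash
# Added example, not the gist author's code.

# sign_b64 <file> <private_key> <out_sig>: detached SHA-256 signature, Base64-encoded
sign_b64() {
    openssl dgst -sha256 -sign "$2" "$1" | openssl base64 -out "$3"
}

# verify_b64 <file> <sig_b64> <public_key>: returns 0 only when the signature matches
verify_b64() {
    local raw rc=0
    raw=$(mktemp) || return 2
    { openssl base64 -d -in "$2" -out "$raw" &&
      openssl dgst -sha256 -verify "$3" -signature "$raw" "$1" >/dev/null 2>&1; } || rc=$?
    rm -f "$raw"
    return "$rc"
}

# roundtrip_check: prints the verification outcome before and after tampering
roundtrip_check() {
    local dir intact tampered
    dir=$(mktemp -d) || return 2
    # Throwaway key pair without a passphrase, constructed for this demo only
    openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null
    openssl rsa -in "$dir/private.pem" -pubout -out "$dir/public.pem" 2>/dev/null
    printf 'firmware image v1\n' > "$dir/payload.bin"   # constructed sample input
    sign_b64 "$dir/payload.bin" "$dir/private.pem" "$dir/signature.sha256"

    if verify_b64 "$dir/payload.bin" "$dir/signature.sha256" "$dir/public.pem"; then
        intact=ok
    else
        intact=rejected
    fi

    printf 'x' >> "$dir/payload.bin"   # modify the file after it was signed
    if verify_b64 "$dir/payload.bin" "$dir/signature.sha256" "$dir/public.pem"; then
        tampered=ok
    else
        tampered=rejected
    fi

    rm -rf "$dir"
    echo "intact=$intact tampered=$tampered"
}

roundtrip_check
```

Callers should branch on the exit status of the verification step, as `roundtrip_check` does, rather than parse the text OpenSSL prints.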
@mrcancer91 mrcancer91 commented Apr 18, 2018

Thanks. These scripts really help me out

@sambacha sambacha commented Jun 30, 2020

It only took 4 years for people to realize what a 2 part bash script proved years ago...

@mehtaparitosh mehtaparitosh commented Aug 19, 2020

This is amazing! Thank you for the article and thank you for the scripts!

I am using Code Signing feature of AWS IoT Jobs, and I was stuck on how to verify the signatures :D

@liiri liiri commented Jan 31, 2021

Use the following in sign.sh to have it fully non-interactive:

openssl dgst -sha256 -sign $privatekey -passin pass:<passphrase> -out /tmp/$filename.sha256 $filename