Sign and verify a file using OpenSSL command line tool. It exports the digital signature in Base64 format.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Sign a file with a private key using OpenSSL | |
| # Encode the signature in Base64 format | |
| # | |
| # Usage: sign <file> <private_key> | |
| # | |
| # NOTE: to generate a public/private key use the following commands: | |
| # | |
| # openssl genrsa -aes128 -passout pass:<passphrase> -out private.pem 2048 | |
| # openssl rsa -in private.pem -passin pass:<passphrase> -pubout -out public.pem | |
| # | |
| # where <passphrase> is the passphrase to be used. | |
| filename=$1 | |
| privatekey=$2 | |
| if [[ $# -lt 2 ]] ; then | |
| echo "Usage: sign <file> <private_key>" | |
| exit 1 | |
| fi | |
| openssl dgst -sha256 -sign $privatekey -out /tmp/$filename.sha256 $filename | |
| openssl base64 -in /tmp/$filename.sha256 -out signature.sha256 | |
| rm /tmp/$filename.sha256 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Verify a file with a public key using OpenSSL | |
| # Decode the signature from Base64 format | |
| # | |
| # Usage: verify <file> <signature> <public_key> | |
| # | |
| # NOTE: to generate a public/private key use the following commands: | |
| # | |
| # openssl genrsa -aes128 -passout pass:<passphrase> -out private.pem 2048 | |
| # openssl rsa -in private.pem -passin pass:<passphrase> -pubout -out public.pem | |
| # | |
| # where <passphrase> is the passphrase to be used. | |
| filename=$1 | |
| signature=$2 | |
| publickey=$3 | |
| if [[ $# -lt 3 ]] ; then | |
| echo "Usage: verify <file> <signature> <public_key>" | |
| exit 1 | |
| fi | |
| openssl base64 -d -in $signature -out /tmp/$filename.sha256 | |
| openssl dgst -sha256 -verify $publickey -signature /tmp/$filename.sha256 $filename | |
| rm /tmp/$filename.sha256 |
Thanks. These scripts really help me out
It only took 4 years for people to realize what a 2 part bash script proved years ago...
This is amazing! Thank you for the article and thank you for the scripts!
I am using Code Signing feature of AWS IoT Jobs, and I was stuck on how to verify the signatures :D
Use following in sign.sh to have it fully non-interactive:
openssl dgst -sha256 -sign $privatekey -passin pass:<passphrase> -out /tmp/$filename.sha256 $filename
Thanks a lot, mate. This is very useful.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Congrats, Satoshi loves you, apparently. https://www.reddit.com/r/Buttcoin/comments/4hkpwe/inventor_of_bitcoin_proves_he_can_write_a_2line/