[openssl commands] Sign a file, verify a signature etc. using openssl #openssl #encryption

openssl-sign-verify.md

Sign a file using the private key

1. Sign a file input-file.txt and base64 encode it for sharing.

$ openssl dgst -sha256 -sign ~/.ssh/id_rsa input-file.txt | base64 > signb64.txt

Alternatively

$ openssl dgst -sha256 -sign ~/.ssh/id_rsa -out sign.sha256 input-file.txt
$ openssl base64 -in sign.sha256 -out <signature>

Verify a base64 encoded signature

1. Decode the base64 encoded signature

 $ openssl base64 -d -A -in signb64.txt -out signsha256.txt

2. Verify the file input-file.txt against its signature

$ openssl dgst -sha256 -verify id_rsa.pub -signature signsha256.txt input-file.txt
Verified OK

Get public key in DER format

openssl rsa -in ~/.ssh/id_rsa -out id_rsa_pub.der -outform DER -pubout

Get SHA256 fingerprint from the DER format

openssl dgst -sha256 id_rsa_pub.der

Convert ssh-keygen generated private key in PEM format to PKCS8|DER formats

$ openssl pkcs8 -topk8 -inform PEM -outform PEM -in id_rsa -out id_rsa_pkcs8 -nocrypt
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in id_rsa -out id_rsa_pkcs8 -nocrypt