@lukehinds
Forked from gwpl/clean.sh
Created July 12, 2020 19:40
`openssl pkeyutl` how to: -sign -verify -encrypt -decrypt, using openssh keys snippets/examples

These are examples of how to sign, verify a signature, encrypt and decrypt using openssl and ssh private/public keys, based on :

They require two files holding a public/private key pair. These can be links to your ssh key pair:

  • private_key - file with the private key you want to use. Can be a link to your ~/.ssh/id_rsa private key
  • pub_ssh_key - file with the public ssh key you want to use. Can be a link to your ~/.ssh/id_rsa.pub public key

To generate a signature file using the private key and then verify the signature against the public key:

```bash
./sign.sh
./verify.sh
```

To encrypt with the public key and decrypt with the private key:

```bash
./encrypt.sh
./decrypt.sh
```

clean.sh

```bash
rm -v pub.pkcs8 test.sign test.txt.decrypted test.txt.encrypted
```

decrypt.sh

```bash
#!/bin/bash
# based on http://sandilands.info/sgordon/public-key-encryption-and-digital-signatures-using-openssl
# The private key can even be an ssh private key
PRIVKEY=private_key # can be a link to an ssh private key: ~/.ssh/id_rsa
ENCRYPTED_FILE=test.txt.encrypted
DECRYPTED_FILE=test.txt.decrypted
ORIGINAL_TO_COMPARE=test.txt
set -x
#ssh-keygen -e -f "${PUBSSHKEY}" -m PKCS8 > "${PUBKEY}"
# Decrypt with the private key, then compare the result with the original file
openssl pkeyutl -decrypt -inkey "${PRIVKEY}" -in "${ENCRYPTED_FILE}" -out "${DECRYPTED_FILE}"
cmp "${DECRYPTED_FILE}" "${ORIGINAL_TO_COMPARE}" && echo 'Decrypted is same as original'
```

encrypt.sh

```bash
#!/bin/bash
# based on http://sandilands.info/sgordon/public-key-encryption-and-digital-signatures-using-openssl
PUBSSHKEY=pub_ssh_key # can be a link to an ssh public key, e.g. ~/.ssh/id_rsa.pub
PUBKEY=pub.pkcs8
FILE_TO_ENCRYPT=test.txt
ENCRYPTED_FILE=test.txt.encrypted
set -x
# Convert the ssh public key to a PKCS8 public key file that openssl can read
ssh-keygen -e -f "${PUBSSHKEY}" -m PKCS8 > "${PUBKEY}"
# Encrypt with the public key; the input must be smaller than the key size
openssl pkeyutl -encrypt -pubin -inkey "${PUBKEY}" -in "${FILE_TO_ENCRYPT}" -out "${ENCRYPTED_FILE}"
```
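
sign.sh

```bash
#!/bin/bash
# based on http://superuser.com/a/498684
PRIVKEY=private_key # can be a link to an ssh private key: ~/.ssh/id_rsa
FILE_TO_SIGN=test.txt
OUTPUT_SIGNATURE_FILE=test.sign
set -x
# Sign with the private key; pkeyutl signs the input as-is (it does not hash it),
# so the file to sign must be small
openssl pkeyutl -sign -inkey "${PRIVKEY}" -in "${FILE_TO_SIGN}" -out "${OUTPUT_SIGNATURE_FILE}"
```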
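
verify.sh

```bash
#!/bin/bash
# based on http://superuser.com/a/498684
PUBSSHKEY=pub_ssh_key # can be a link to an ssh public key, e.g. ~/.ssh/id_rsa.pub
PUBKEY=pub.pkcs8
FILE_TO_VERIFY=test.txt
SIGNATURE_FILE=test.sign
set -x
# Convert the ssh public key to a PKCS8 public key file that openssl can read
ssh-keygen -e -f "${PUBSSHKEY}" -m PKCS8 > "${PUBKEY}"
# Check the signature file against the original file using the public key
openssl pkeyutl -verify -pubin -inkey "${PUBKEY}" -in "${FILE_TO_VERIFY}" -sigfile "${SIGNATURE_FILE}"
```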
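
sign.sh hands test.txt straight to `openssl pkeyutl -sign`, which does not hash its input, so it only works for very small files. The following added example (not part of the original gist) hashes the file with SHA-256 first and signs the digest, then shows that a modified file no longer verifies. It assumes a throwaway RSA key generated with openssl in place of private_key and pub.pkcs8; the function names and temp directory are this example's own.

```shell
#!/bin/bash
# Added example, not part of the gist: hash-then-sign with openssl pkeyutl.
# Assumption: a throwaway RSA key stands in for private_key / pub.pkcs8.

# Create a temp dir holding a key pair and a constructed ~1 KB test.txt.
setup_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "${DEMO_DIR}/private_key" 2>/dev/null || return 1
    openssl pkey -in "${DEMO_DIR}/private_key" -pubout \
        -out "${DEMO_DIR}/pub.pkcs8" || return 1
    yes 'constructed sample line' | head -n 50 > "${DEMO_DIR}/test.txt"
}

# Same call as sign.sh: pkeyutl signs its input directly without hashing
# it, so a file of this size is rejected and the command exits non-zero.
sign_raw() {
    openssl pkeyutl -sign -inkey "${DEMO_DIR}/private_key" \
        -in "${DEMO_DIR}/test.txt" -out "${DEMO_DIR}/raw.sign" 2>/dev/null
}

# Hash the file ($1), then sign the 32-byte SHA-256 digest into $2.
sign_digest() {
    openssl dgst -sha256 -binary "$1" > "$1.sha256" &&
    openssl pkeyutl -sign -inkey "${DEMO_DIR}/private_key" \
        -pkeyopt digest:sha256 -in "$1.sha256" -out "$2"
}

# Re-hash the file ($1) and check the digest against the signature ($2).
# The success message is matched rather than relying on exit status alone.
verify_digest() {
    openssl dgst -sha256 -binary "$1" > "$1.sha256" || return 1
    openssl pkeyutl -verify -pubin -inkey "${DEMO_DIR}/pub.pkcs8" \
        -pkeyopt digest:sha256 -in "$1.sha256" -sigfile "$2" 2>/dev/null |
        grep -q 'Signature Verified Successfully'
}

# Full round trip; returns 0 only if every step behaves as described.
run_demo() {
    setup_demo || return 1
    f="${DEMO_DIR}/test.txt"; s="${DEMO_DIR}/test.sign"
    sign_raw && return 1                 # raw signing must be rejected
    sign_digest "$f" "$s" || return 1
    verify_digest "$f" "$s" || return 1  # untouched file verifies
    echo 'tampered' >> "$f"
    verify_digest "$f" "$s" && return 1  # modified file must not verify
    rm -rf "${DEMO_DIR}"
}
```

Source the file and call `run_demo`; it returns 0 when raw signing is rejected, the digest signature verifies, and the tampered file fails verification.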