Digital signature for a file using openssl

cryptography openssl rsa
Ajay kumar picture Ajay kumar · May 28, 2012 · Viewed 81.6k times · Source

Is there a way to digitally sign a x509 certificate or any document using openssl?

Answer

reto picture reto · Aug 21, 2013

Alternative way to sign/verify a single, inspired by Anders Lindahl's answer.

to sign

openssl dgst -sha256 -sign snakeoil.key -out some-file.sha256 some-file

to verify

# dgst -verify requires the public key
openssl x509 -in snakeoil.crt -pubkey -noout > snakeoil.pub

openssl dgst -sha256  -verify  snakeoil.pub -signature some-file.sha256 some-file

# in case of success: prints "Verified OK"
# in case of failure: prints "Verification Failure", return code 1

# or compact (requires a modern shell)
openssl dgst -sha256  \
    -verify  <(openssl x509 -in snakeoil.crt -pubkey -noout) \
    -signature some-file.sha256 some-file

Related questions

Can one encrypt with a private key/decrypt with a public key?

[Disclaimer: I know, if you know anything about crypto you're probably about to tell me why I'm doing it wrong - I've done enough Googling to know this seems to be the typical response.] Suppose the following: you have a …

Read More
Why does RSA encrypted text give me different results for the same text

I am encrypting data with openSSL using RSA encryption, which works fine. My understanding of RSA is, that encrypting the same data with the same public key will always give you the same result (as stated here or here). However, …

Read More
How to compute RSA-SHA1(sha1WithRSAEncryption) value with OpenSSL

I'm confused about RSA-SHA1, I thought it's RSA_private_encrypt(SHA1(message)). But I can't get the correct signature value. Is there anything wrong?

Read More