60

Is there a way to digitally sign a x509 certificate or any document using openssl?

biw
Ajay kumar

3 Answers

92

To Generate Private Key

openssl genrsa -out privatekey.pem 2048

To Sign

openssl dgst -sha256 -sign privatekey.pem -out data.txt.signature data.txt

To Generate The Public Key

dgst -verify requires the public key

openssl rsa -in privatekey.pem -outform PEM -pubout -out publickey.pem

To Verify

openssl dgst -sha256 -verify publickey.pem -signature data.txt.signature data.txt
  • In case of success: prints "Verified OK", return code 0
  • In case of failure: prints "Verification Failure", return code 1
Farshid Ashouri
reto
  • This helped - I had the crt file, but didn't know how to go about verifying without the .pub file. Now I know ;-) – JWL Jul 16 '14 at 07:52
  • 1
    To clarify, `some-file.sha256` is actually the signature (e.g. signature.txt), and `some-file` is actually the message to be signed (e.g. message.txt). So in both operations, `some-file` is an input file. In the `-sign` operation, `signature.txt` is an output file, and in the `-verify` operation, `signature.txt` is an input file. I would edit it, but I'll let you do that if you wish. – toddmo May 14 '18 at 00:23
  • @reto Is `some-file.sha256` a binary file? Is this normal? After executing the given command `openssl dgst -sha256 -sign snakeoil.key -out some-file.sha256 some-file` I got a file whose content looks like this: `@ugڻ��^{�{�9T�*�xAO"kd{�����d������͊��(����k�,A'c;�&�g��[b��e�i:��hh0���^���:�Y@��e�$��A������-�?�'�` – Shift 'n Tab Mar 26 '19 at 15:13
  • 2
    @Roel It is normal and expected. – randomuser5215 May 20 '19 at 08:27
64

Yes, the dgst and rsautl components of OpenSSL can be used to compute a signature given an RSA key pair.

Signing:

openssl dgst -sha256 data.txt > hash
openssl rsautl -sign -inkey privatekey.pem -keyform PEM -in hash >signature

Verifying just the signature:

openssl rsautl -verify -inkey publickey.pem -pubin -keyform PEM -in signature

Update: Capturing Reto's comments from below because this is an important nuance. Presumably if you are going to the trouble to verify, you want to know the signature was produced on the plaintext to which it is attached:

This might sound obvious for some but: Be aware, rsautl verify just decrypts the file signature. The output of this call is guaranteed to be produced by the owner of the private key, but besides that nothing else is being checked. So to actually verify the consistency of data.txt you have to regenerate the digest and then compare it against the output of openssl rsautl -verify.

Verifying that the owner of the private key does vouch for data.txt:

openssl dgst -sha256 -verify publickey.pem -signature signature data.txt

For this operation, openssl requires the public key, the signature, and the message.

NSGod
Anders Lindahl
  • 4
    This will leave a hex/ascii form of the hash in the file "hash", if you wanted a binary version of the hash to be signed, you need to use "-binary" on the openssl dgst command line. – davenpcj Apr 16 '13 at 00:50
  • 6
    My version of `openssl` also required `-pubin` for verify to work. – AKX Aug 21 '13 at 08:17
  • 21
    This might sound obvious for some but: Be aware, `rsautl verify` just decrypts the file `signature`. The output of this call is guaranteed to be produced by the owner of the private key, but besides that nothing else is being checked. So to actually verify the consistency of `data.txt` you have to regenerate the digest and then compare it against the output of `openssl rsautl -verify`. – reto Aug 21 '13 at 12:54
  • When security tools give a syntactically correct answer while doing something counter-intuitive it tends to lead to systems that fail silently and bad outcomes. I figured the comment from @reto needed more visibility so I copied it to the answer. – T.Rob Aug 07 '15 at 14:39
  • thanks @T.Rob I recommend to just use my solution and ignore this answer completely :) ! – reto Aug 07 '15 at 14:44
  • 1
    Unfortunately an artifact of Stack Overflow makes that somewhat unlikely to happen. Since this answer is the accepted one, it'll continue to be more visible than yours. I did at least vote yours up. – T.Rob Aug 07 '15 at 14:49
  • When I pass the publickey.pem to the -verify option I get an error saying `unable to load private key, EXPECTING ANY PRIVATE KEY`. After passing the private key again in the -verify option I get the sha256 hash back which I signed with the private key. After getting the sha256 hash I need to again calculate the hash of the original text and compare it with the sha256 hash output by the -verify option. – InvisibleWolf Sep 05 '16 at 16:28
  • @reto Yes you are right. The simple fix is to use `openssl dgst` to do the verification. This of course requires the plaintext to do its work. `openssl dgst -sha256 -verify publickey.pem -signature signature data.txt` – bobbogo Nov 08 '17 at 11:52
  • 2
    Hi, I just tested the same way. I use "openssl rsautl -verify -inkey publickey.pem -pubin -keyform PEM -in signature" to get the hash value, and it's the same as my hash file. But when I use "openssl dgst -sha256 -verify publickey.pem -signature signature data.txt", it shows Verification Failure. Why does that happen? – Neal Jun 29 '18 at 07:32
  • 1
    @Neal I had the same problem I think the signature with rsautl is only done on the hash. The openssl dgst man page has the correct example to do signing and verification https://www.openssl.org/docs/man1.0.2/man1/openssl-dgst.html `openssl dgst -sha256 -sign privatekey.pem -out signature data.txt` and to verify `openssl dgst -sha256 -verify publickey.pem -signature signature data.txt` – user1464603 May 31 '21 at 08:24
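Tying reto's `dgst` answer and this `rsautl` answer together, the following is an added shell example (not code from either answer or from the OpenSSL project): it signs and verifies with `openssl dgst`, shows what `rsautl -verify` actually returns, performs the recompute-and-compare check reto's comment describes, and, going one step beyond the answers, shows a tampered copy of the message being rejected by both checks. It assumes `openssl` is on `PATH` and that POSIX `od` is available; the message, key pair and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not code from the answers above): sign/verify with `openssl dgst`,
# then show why `rsautl -verify` on its own is not a verification.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample message and a 2048-bit RSA key pair, as in the answers.
printf 'transfer 100 to alice\n' > "$WORK/data.txt"
openssl genrsa -out "$WORK/privatekey.pem" 2048 2>/dev/null
openssl rsa -in "$WORK/privatekey.pem" -pubout -out "$WORK/publickey.pem" 2>/dev/null

# sign_file PRIVKEY MESSAGE SIGOUT: RSA PKCS#1 v1.5 signature over SHA-256(MESSAGE).
sign_file() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# verify_file PUBKEY SIG MESSAGE: exit 0 on "Verified OK", 1 on "Verification Failure".
verify_file() { openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1; }

# rsautl_recover PUBKEY SIG: hex of whatever the signature decrypts to. It never
# sees the message, so it proves only that the private-key holder signed *something*;
# for a dgst signature that something is a DER DigestInfo ending in the 32-byte digest.
rsautl_recover() {
  openssl rsautl -verify -pubin -inkey "$1" -in "$2" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# verify_by_recompare PUBKEY SIG MESSAGE: the manual check reto's comment describes,
# recompute SHA-256(MESSAGE) and compare it with the digest recovered from SIG.
verify_by_recompare() {
  recovered=$(rsautl_recover "$1" "$2")
  expected=$(openssl dgst -sha256 -binary "$3" | od -An -tx1 | tr -d ' \n')
  case "$recovered" in *"$expected") return 0 ;; *) return 1 ;; esac
}

# Stand-alone run: the genuine message passes both checks, a tampered copy fails both.
sign_file "$WORK/privatekey.pem" "$WORK/data.txt" "$WORK/data.txt.sig"
printf 'transfer 100 to mallory\n' > "$WORK/tampered.txt"
verify_file "$WORK/publickey.pem" "$WORK/data.txt.sig" "$WORK/data.txt" && echo "dgst -verify: Verified OK"
echo "rsautl -verify recovered: $(rsautl_recover "$WORK/publickey.pem" "$WORK/data.txt.sig")"
if verify_file "$WORK/publickey.pem" "$WORK/data.txt.sig" "$WORK/tampered.txt"; then
  echo "tampered: accepted (must not happen)"
else
  echo "tampered: Verification Failure, exit code 1"
fi
```

The recovered hex begins with the fixed SHA-256 DigestInfo prefix `3031300d060960864801650304020105000420`, which is why a signature made with `rsautl -sign` over a bare hex digest file (as in this answer) does not verify with `dgst -verify`: the two commands do not sign the same bytes.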
8

To digitally sign a document in openssl, this will work.

For this, your certificate should first be trusted; it would look like this:

-----BEGIN TRUSTED CERTIFICATE-----
MIIDbjCCAlYCCQCOyunl25ProDANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJJ
...
-----END TRUSTED CERTIFICATE-----

Then use the following command:

openssl smime -sign -signer certificate.pem -inkey private.key -in test.txt \
    -out test1.txt -from ashish -to singhal
jww
Ashish Singhal