OpenSSH Signing a File and appending to Signing to File + Verification

Submitted by admin on

Create the signing keys

openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "signing.key" \
-out "signingKey.crt" -days 365 -subj "/C=NL/ST=QC CA/L=Montreal/O=PacificSimplicity \
/OU=Dev/CN=Dev Signing Key"

Then sign the file with the following command

openssl dgst -sha256 -sign "signing.key" -out <outputSigned>.sha256 \
<inputFile>; cat <inputFile> <outputSigned>.sha256 > <outputSigned>.appended

To verify the file, execute the following command

openssl dgst -sha256 -verify <(openssl x509 -in "../keys/signingKey.crt"  \
-pubkey -noout) -signature  <outputSigned>.sha256 <(head -c -512 <outputSigned>.appended)

If the contents have not changed, the output will output:

Verified OK

If the validation failed, the file doesn't match the signed value then the file is corrupt or modified/tampered.

Verification Failure

Blog tags: 

Comments

Hi! I could have sworn I've

Submitted by Aretha (not verified) on

Hi! I could have sworn I've been to this blog before but after browsing through some of the post I realized it's new to me. Anyways, I'm definitely delighted I found it and I'll be book-marking and checking back often!

Add new comment

More information about text formats

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <python> <c>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.