Digital signature for a file using openssl

rsa openssl cryptography

Solution 1:

To Generate Private Key

openssl genrsa -out privatekey.pem 2048

To Sign

openssl dgst -sha256 -sign privatekey.pem -out data.txt.signature data.txt

To Generate The Public Key

dgst -verify requires the public key

openssl rsa -in privatekey.pem -outform PEM -pubout -out publickey.pem

To Verify

openssl dgst -sha256 -verify publickey.pem -signature data.txt.signature data.txt
  • In case of success: prints "Verified OK", return code 0
  • In case of failure: prints "Verification Failure", return code 1

Solution 2:

Yes, the dgst and rsautl component of OpenSSL can be used to compute a signature given an RSA key pair.

Signing:

openssl dgst -sha256 data.txt > hash
openssl rsautl -sign -inkey privatekey.pem -keyform PEM -in hash >signature

Verifying just the signature:

openssl rsautl -verify -inkey publickey.pem -pubin -keyform PEM -in signature

Update: Capturing Reto's comments from below because this is an important nuance. Presumably if you are going to the trouble to verify, you want to know the signature was produced on the plaintext to which it is attached:

This might sound obvious for some but: Be aware, rsautl verify just decrypts the file signature. The output of this call is guaranteed to be produced by the owner of the private key, but beside that nothing else is being checked. So to actually verify the consistency of data.txt you have to regenerate the digest and then compare it against the output of openssl rsautl -verify.

Verifying that the owner of the private key does vouch for data.txt:

openssl dgst -sha256 -verify publickey.pem -signature signature data.txt

For this operation, openssl requires the public key, the signature, and the message.

Solution 3:

To digitally sign document in openssl it will work

For this first your certificate should be trusted it would be look like this 

-----BEGIN TRUSTED CERTIFICATE-----
MIIDbjCCAlYCCQCOyunl25ProDANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJJ
...
-----END TRUSTED CERTIFICATE-----

Then use following command 

smime -sign -signer certificate.pem -inkey private.key -in test.txt \
    -out test1.txt -from ashish -to singhal

Related

Why MAMP doesn't display errors?
Slim Framework for beginners [closed]
Installing RVM: getting error "There was an error(23)."
How to access URL segment(s) in blade in Laravel 5?
How to disable caching in Alamofire
Carbon::now() - only month
No Directionality widget found
Why is Chrome reporting a secure / non secure warning when no other browsers aren't?
Rails - How do you test ActionMailer sent a specific email in tests
Android: Matrix -> what is the different between preconcat and postconcat?
Java - Append quotes to strings in an array and join strings in an array
How to get a responsive button in bootstrap 3