Pages

Monday, April 18, 2011

Use OpenSSL to sign a document

OpenSSL is an open source cryptography  library with lots of useful functions. First part, how to sign a document using DSA signature scheme. 

  1. Use dsaparam to generate DSA parameters(p, q, g), used to generate keys (possibly several keys):
    openssl dsaparam 1024 > dsaparam.pem
  2. Generate key file (contains private and public key):
    openssl gendsa dsaparam.pem -out dsa_key.pem 
    Or, if the parameters p,q,g weren't precomputed (step 1):
    openssl dsaparam -noout -out dsa_key.pem -genkey 1024
  3. Extract public key
    openssl.exe dsa -in dsa_key.pem -pubout -out dsa_pub_key.pem
  4. Generate sha1 hash of a file.
    openssl dgst -sha1 foo.txt | awk '{print $2}' > foo.txt.sha1
  5. Sign the hash
    openssl dgst -dss1 -sign dsa_key.pem text.txt.sha1 >foo.txt.sig
  6. Verify the signature (using public key)
    openssl dgst -dss1 -verify dsa_pub_key.pem -signature foo.txt.sig foo.txt.sha1

Links:
  1.  DSA key processing man page
  2. OpenSSL command-line Howto
Posted by Liviu at
Labels: , ,

3 comments:

  1. AnonymousJuly 4, 2011 at 1:53 PM

    hi

    ReplyDelete
  2. LiviuJuly 5, 2011 at 11:55 PM

    hi:)

    ReplyDelete
  3. electronic signature for sharepointJuly 11, 2011 at 8:18 AM

    I agree that OpenSSL is cryptography library with lots of useful features and functions moreover it is available free as its opensource.I never needed to use it but today I was given an assignment that needed me to use it.Your steps helped me a lot so thanks for writing.

    ReplyDelete

Subscribe to: Post Comments (Atom)