OpenSSL "rsautl sign" RSA Signature Generation - JohnHau/mis GitHub Wiki

OpenSSL "rsautl -sign" - RSA Signature Generation

Q What is the purpose of the OpenSSL "rsautl -sign" command? Can I use it to sign a document?

✍: FYIcenter.com

A Yes, you can use OpenSSL "rsautl -sign" command to sign a document. But you need other OpenSSL commands to generate a digest from the document first as shown in the following test:

C:\Users\fyicenter>dir \windows\system32\notepad.exe 07/09/2015 01:42 PM 179,712 notepad.exe

C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> dgst -sha1 -binary -out sha1.dgt \windows\system32\notepad.exe

OpenSSL> rsautl -sign -inkey my_rsa.key -in sha1.dgt -out sha1_signed.dgt

OpenSSL> pkey -in my_rsa.key -pubout -out my_rsa_pub.key OpenSSL commands used in this test are:

"dgst -sha1 -binary -out sha1.dgt \windows\system32\notepad.exe" - Generate a digest string from the document, notepad.exe, with the SHA-1 algorithm using the "dgst -sha1" command. "rsautl -sign -inkey my_rsa.key -in sha1.dgt -out sha1_signed.dgt" - Sign the digest, sha1.dgt, with the RSA private key using the "rsautl sign" command. The output, sha1_signed.dgt, is also called the digital signature of the document. "pkey -in my_rsa.key -pubout -out my_rsa_pub.key" - Extract the RSA public key from the RSA private key with "pkey -pubout" command You can now send out notepad.exe, sha1_signed.dgt, and my_rsa_pub.key, as a "signed" document.