Openssl Digitally Sign File

For example, a PDF file can be digitally signed and sent to someone. The recipient can then use the standard/free Adobe Reader to open the PDF and verify its digital signature(s). The format of a plain text file (a file filled only with characters) has no place to carry a digital signature, so you need either an envelope that holds both the text and its signature, or to handle the signature as a separate file.

I use SSH (OpenSSH 5.5p1 on Linux, to be precise). I have a key, on which I have a passphrase. I use this for the usual logging in to computers stuff. Can I also use it to sign files?


As I understand it, an SSH key is an RSA (or DSA) key, and during the SSH login process, it is used to sign messages sent to the server. So in principle and in practice, it can be used to sign things - indeed, that is its sole purpose.

But as far as I can see, there is no way to use the key to sign an arbitrary file (as you would with PGP, say). Is there some way to do this? There may not be a way to do this with the OpenSSH tools alone. But it can be done quite easily with the OpenSSL tools. In fact, there are at least two ways to do it.

In the examples below, ~/.ssh/id_rsa is your private key. One way is using dgst:

    openssl dgst -sign ~/.ssh/id_rsa some-file

The other is using pkeyutl:

    openssl pkeyutl -sign -inkey ~/.ssh/id_rsa -in some-file

Both of these write a binary signature to standard output.

Dgst takes a -hex option which will print a textual representation, with some details about the form of the signature. Pkeyutl takes a -hexdump option which is a bit less useful. Both will accept both RSA and DSA keys. I have no idea what the format of the output is. The two commands produce different formats.

I get the impression that pkeyutl is considered more modern than dgst. To verify those signatures:

    openssl dgst -verify $PUBLIC_KEY_FILE -signature signature-file some-file

and:

    openssl pkeyutl -verify -inkey $PUBLIC_KEY_FILE -sigfile signature-file -in some-file

The problem here is $PUBLIC_KEY_FILE.

OpenSSL can't read OpenSSH's public key format, so you can't just use id_rsa.pub. You have a few options, none ideal. If you have a version of OpenSSH of 5.6 or later, you can apparently do this:

    ssh-keygen -e -f ~/.ssh/id_rsa.pub -m pem

which will write the public key to standard output in PEM format, which OpenSSL can read. If you have the private key, and it's an RSA key, then you can extract the public key from it (I assume the PEM-encoded private key file includes a copy of the public key, since it is not possible to derive the public key from the private key itself), and use that:

    openssl rsa -in ~/.ssh/id_rsa -pubout

I don't know if there's a DSA equivalent.
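The following script is an added example, not part of the answer above. It runs the whole round trip the answer describes: sign a file with an RSA private key using both dgst and pkeyutl, extract the public key from the private key with `openssl rsa -pubout`, verify with each tool, and then show that a modified copy of the file is rejected. It assumes `openssl` (1.1 or 3.x) is on PATH, and it generates a throwaway key in a temporary directory instead of touching ~/.ssh/id_rsa; the file names are constructed for the demo. Two details differ from the commands in the answer on purpose: the digest is always named explicitly (`-sha256`) rather than left to the tool's default, and pkeyutl is given the SHA-256 of the file rather than the file itself, because pkeyutl signs its input as-is and a file larger than the key modulus fails with "data too large for key size".

```shell
#!/bin/sh
# Added example (not from the original answer). Signs a file with an RSA key
# via dgst and pkeyutl, extracts the public key from the private key, verifies
# with both tools, and confirms that a tampered file does not verify.
# Assumes: openssl on PATH; key and file paths below are constructed for this
# demo and stand in for ~/.ssh/id_rsa and some-file from the answer.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 0; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway 2048-bit RSA private key in PEM form (stand-in for ~/.ssh/id_rsa).
make_demo_key() {           # $1 = private key output path
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# Public half, exactly as the answer does with `openssl rsa -pubout`.
extract_pubkey() {          # $1 = private key, $2 = public key output path
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Hash-and-sign with dgst. Naming the digest pins what is actually signed
# instead of inheriting whatever default the installed version uses.
sign_dgst() {               # $1 = private key, $2 = file, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_dgst() {             # $1 = public key, $2 = file, $3 = signature; exit 0 iff valid
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# pkeyutl signs its input directly, so hand it the raw SHA-256 of the file.
# With -pkeyopt digest:sha256 it wraps the hash in the same PKCS#1 v1.5
# DigestInfo structure that dgst produces, so the signatures interchange.
sign_pkeyutl() {            # $1 = private key, $2 = file, $3 = signature output
    openssl dgst -sha256 -binary -out "$3.hash" "$2"
    openssl pkeyutl -sign -inkey "$1" -in "$3.hash" -out "$3" -pkeyopt digest:sha256
}

verify_pkeyutl() {          # $1 = public key, $2 = file, $3 = signature; exit 0 iff valid
    openssl dgst -sha256 -binary -out "$3.vhash" "$2"
    openssl pkeyutl -verify -pubin -inkey "$1" -in "$3.vhash" -sigfile "$3" \
        -pkeyopt digest:sha256 >/dev/null 2>&1
}

# Demo run on constructed input.
make_demo_key "$WORK/key.pem"
extract_pubkey "$WORK/key.pem" "$WORK/pub.pem"
printf 'release notes v1\n' > "$WORK/some-file"

sign_dgst "$WORK/key.pem" "$WORK/some-file" "$WORK/some-file.sig"
verify_dgst "$WORK/pub.pem" "$WORK/some-file" "$WORK/some-file.sig" && echo "dgst: Verified OK"

sign_pkeyutl "$WORK/key.pem" "$WORK/some-file" "$WORK/some-file.psig"
verify_pkeyutl "$WORK/pub.pem" "$WORK/some-file" "$WORK/some-file.psig" && echo "pkeyutl: Verified OK"

# Cross-check: a signature made by one tool verifies with the other.
verify_dgst "$WORK/pub.pem" "$WORK/some-file" "$WORK/some-file.psig" && echo "dgst accepts pkeyutl signature"

# Change the content and confirm the original signature no longer verifies.
printf 'release notes v2\n' > "$WORK/tampered"
if verify_dgst "$WORK/pub.pem" "$WORK/tampered" "$WORK/some-file.sig"; then
    echo "BUG: tampered file verified"
else
    echo "tampered file rejected"
fi
```

Run it as `sh sign-demo.sh`; the four status lines it prints are the checks a recipient relies on: the genuine file verifies under both tools, the two tools' signatures are interchangeable, and any change to the content (here a single version digit) makes verification fail.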