openssl 签名和验证签名 举例

openssl

最近有不少人问我如何用openssl命令行来进行签名,验证签名,以及其它一些openssl的命令。

其实我对openssl也不太了解,倒是对rsa了解得比较多一些,像rsa背后的欧拉公式以及证明啊什么的,呵呵呵。

写一个小脚本,里面包含了加密/解密,签名/验证签名等一些例子,仅供参考。

[shell]

#!/bin/bash

set -e
set -x

# Generate 1024 bits rsa private key and output to file "test.key".
# This private key was encrypted by AES256 with the password "hukeping".
openssl genrsa -aes256 -passout pass:hukeping  -out test.key 1024
# Generate public key from the private key file "test.key" and output it to public key file "test.pub"
# Since the private key has been encrypted, so we need to pass in the password to decrypt it.
openssl rsa -passin pass:hukeping -in test.key -pubout -out test.pub
# Encrypt the plain message from "plain.txt" and output to cipher file "cipher.txt" with public key.
# NB., if encrypt with public key, the option "-pubin" should be provided,
# if encrypt with private key, the password should be provided if needed.
#
# As per the manual of openssl,
# -encrypt encrypt with public key
# -decrypt decrypt with private key
# So even we use private key file "test.key" to encrypt the message, openssl only use the public part of "test.key"
openssl rsautl -encrypt -pubin -inkey test.pub -in plain.txt -out cipher.txt
openssl rsautl -encrypt -passin pass:hukeping -inkey test.key -in plain.txt -out cipher_by_private_key_file.txt

# Decrypt the cipher message from "cipher.txt" and output the decrypted message into "decrypt.txt" with private key.
# Since the private key has been encrypted, so we need to pass in the password to decrypt it.
openssl rsautl -decrypt -inkey test.key -passin pass:hukeping -in cipher.txt -out decrypt.txt
openssl rsautl -decrypt -inkey test.key -passin pass:hukeping -in cipher_by_private_key_file.txt -out decrypt_also_by_private_key_file.txt

# Sign the digest of message with sha256 as the digest algorithm and output the signature to "plain.sig"
openssl dgst -sign test.key -passin pass:hukeping -sha256 -out plain.sig plain.txt

# Verify the signature with the public key from public key file "test.pub",
# Please be note that, the signature is of the digest of the message from file "plain.txt".
openssl dgst -verify test.pub -sha256 -signature plain.sig plain.txt
# Since the public key can be retrieved from private key file,
# so openssl also support verify signature via private key file.
openssl dgst -prverify test.key -passin pass:hukeping -sha256 -signature plain.sig plain.txt

[/shell]

Fail when go get gopkg.in/yaml.v2

One may comes across some error on install yaml.v2 using `go get`, like:

$ go get gopkg.in/yaml.v2
package gopkg.in/yaml.v2: unrecognized import path "gopkg.in/yaml.v2"

Usually it’s a network error, please try:

$ go get -v gopkg.in/yaml.v2
Fetching https://gopkg.in/yaml.v2?go-get=1
https fetch failed.
import "gopkg.in/yaml.v2": https fetch: Get https://gopkg.in/yaml.v2?go-get=1: x509: certificate signed by unknown authority
package gopkg.in/yaml.v2: unrecognized import path "gopkg.in/yaml.v2"

If this is what you get, then just  type:


$ go get -insecure gopkg.in/yaml.v2

And that’s all you need, enjoy 🙂

Tips for cron

Hi there,

We all know that if one wants to schedule jobs (commands or shell scripts) to run periodically at certain times or dates, he can use `cron`.

If you `man cron` you would like to get:

Cron – daemon to execute scheduled commands.

And here are some tips for newcomes:

1. Use absolute path instead of relative path. For example:

*/5 * * * * /home/ubuntu/cron/test.sh

And what in the test.sh should also use the absolute path.

 

2.  I haven’t thought about yet 🙂