OpenSSL digest and signature verification command dgst Usage Details
1. Information summary and digital signature Overview
Abstract: The data is processed to obtain a fixed length result. The characteristic input is as follows:
1. Fixed Output length. That is, the output length is irrelevant to the input length.
2. irreversible. That is, theoretically, the output data cannot be exported.
4. Sensitive to input data. When the input data changes dramatically, the output data also changes significantly.
5. Anti-collision. That is, the possibility of getting the same output data from different data is very low.
Because information summarization has the above features, data integrity is generally guaranteed. abstract a large file to obtain its summary value. After transmission through the network or other channels, verify the digest value to determine whether the large file itself has changed.
Digital signature: the digital signature is actually divided into two steps. First, digest the original file, get the digest value, and then encrypt the digest value using the private key in the Public Key algorithm. Shows the signature and verification process.
The process of digital signature can be known. Digital Signature of the sent information can ensure the integrity, authenticity, and non-repudiation of the digital signature. That is, the recipient can confirm the source and authenticity of the message. The sender cannot trust the message sent by himself, which is similar to the signature in real life.
2. Digest algorithm and digital signature instructions and usage
Currently, the digest algorithms provided by openssl include md4, md5, ripemd160, sha, sha1, shaloud, sha256, sha512, sha384, and wirlpool. You can use the openssl dgst-command to view details.
As mentioned above, digital signatures are divided into two parts: abstract and encryption. Commands provided by openssl do not distinguish the two. The Digest algorithm directive contains signature and verification parameters. For example, we can see that openssl md5-command provides parameters such as signature and verification.
In openssl, digest algorithm commands can be used to complete digest or signature operations, or the same operation can be performed through dgst. Most of the RSA or DSA private keys are used for signature. When the RSA private key is used, we can use a separate Digest algorithm command to specify the Digest algorithm for signature, however, when using the DSA Signature, you must use the dgst command, because when using the DSA Signature, you must use the DSA Digest algorithm, and openssl does not provide the corresponding command for it.
/* File file.txt and RSA key RSA. pem */
Bkjia @ bkjia :~ /Test $ ls file.txt RSA. pem/* use the md5instruction to specify the sha1algorithm, sign the file.txtline, and generate the signature file sign1.txt */
Bkjia @ bkjia :~ /Test $ openssl md5-sha1-sign RSA. pem-out sign1.txt file.txt
/* Use the md5instruction to specify the sha1algorithm to sign the file.txtline and generate the signature file sign1.txt */
Bkjia @ bkjia :~ /Test $ openssl dgst-sha1-sign RSA. pem-out sign2.txt file.txt
/* If the two signature files are the same, the two commands perform the same function */
Bkjia @ bkjia :~ /Test $ diff sign1.txt sign2.txt
The md5 and dgst functions the same. However, it is confusing to specify other digest algorithms when using md5 for signature. I think it is too awkward. Therefore, we recommend that you use the dgst command for digest and signature verification ......
The usage of the dgst command is described as follows:
Bkjia @ bkjia :~ /Test $ openssl dgst-
Unknown option '-'
Options are
-C to output the digest with separating colons // the output abstract information is separated by semicolons (;) and used together with-hex.
-R to output the digest in coreutils format // specify the output format
-D to output debug info // output BIO debugging information
-Hex output as hex dump // print the output result in hexadecimal format
-Binary output in binary form // outputs binary results
-Hmac arg set the HMAC key to arg // specify the hmac key
-Non-fips-allow use of non FIPS digest // The digest algorithm that does not comply with the fips standard is allowed.
-Sign file sign digest using private key in file // execute the signature operation. The private key file is specified later.
-Verify file verify a signature using public key in file // perform the verification operation. The public key file is specified later, and cannot be used together with prverfify.
-Prverify file verify a signature using private key in file // perform the verification operation. The key file is specified later, and cannot be used together with verfify.
-Keyform arg key file format (PEM or ENGINE) // specify the key file format, pem or engine
-Out filename output to filename rather than stdout // specify the output file. By default, the standard output-signature file signature to verify // specifies the signature file. Use-sigopt nm when verifying the signature: v signature parameter // signature parameter-hmac key create hashed MAC with key // create an hmac use key-mac algorithm create MAC (not neccessarily HMAC) // create a mac-macopt nm: v MAC algorithm parameters or key // mac algorithm parameter or key-engine e use engine e, possibly a hardware device. // use hardware or a third-party keystore-md4 to use the md4 message digest algorithm // digest algorithm using md4-md5 to use the md5 message digest algorithm // digest algorithm using md5-ripemd160 to use the ripemd160 message digest algorithm // digest algorithm using ripemd160-sha to use the sha message digest algorithm // digest algorithm using sha-sha1 to use the sha1 message digest algorithm // digest algorithm using sha1-sha224 to use the sharecmessage message digest algorithm // digest algorithm using sha223-sha256 to use the sha256 message digest algorithm // digest algorithm using sha256-sha384 to use the sha384 message digest algorithm // digest algorithm using sha384-sha512 to use the sha512 message digest algorithm // the digest algorithm uses sha512-whirlpool to use the whirlpool message digest algorithm // the digest algorithm uses whirlpool
3. dgst example
1. Only digest operations are performed without signature operations.
/* Use the sha1 algorithm to perform hash operations on the file.txt file */
Bkjia @ bkjia :~ /Test $ openssl dgst-sha1 file.txt
SHA1(file.txt) = c994aec2a9007221a9b9113b8ab60a60144740c9
/* Specify the-non-fips-allow parameter, which is related to the fips standard and yet to be studied */
bkjia@bkjia:~/test$ openssl dgst –sha1 –non-fips-allow file.txt
SHA1(file.txt)= c994aec2a9007221a9b9113b8ab60a60144740c9
/* Specify the-d parameter and print the debugging message */bkjia @ bkjia :~ /Test $ openssl dgst-sha1-d file.txt BIO [02469910]: ctrl (6)-FILE pointerBIO [02469910]: ctrl return 0BIO [02469910]: ctrl (108) -FILE pointerBIO [02469910]: ctrl return 1BIO [02469910]: read (02469910)-FILE pointerBIO [02469910]: read return 37BIO []: read) -FILE pointerBIO [02469910]: read return 0SHA1(file.txt) = c994aec2a9007221a9b9113b8ab60a60144740c9BIO [02469910]: ctrl (1)-FILE pointerBIO [02 469910]: ctrl return 0BIO [02469910]: Free-FILE pointer/* specify the-c-hex parameter and print the result in hexadecimal notation */bkjia @ bkjia :~ /Test $ openssl dgst-sha1-c-hex file.txt SHA1(file.txt) = c9: 94: AE: c2: a9: 00: 72: 21: a9: b9: 11: 3b: 8a: b6: 0a: 60: 14: 47: 40: c9/* specify the-r parameter. The output result is as follows ...... */Bkjia @ bkjia :~ /Test $ openssl dgst-sha1-r file.txt c994aec2a9007221a9b9113b8ab60a60144740c9 * file.txt/* specify the-binary parameter, and the input result is binary */bkjia @ bkjia :~ /Test $ openssl dgst-sha1-binary file.txt folder ��©R! ��; �� G @ bkjia :~ /Test $
2. Use the RSA key for Signature Verification
/* Select sha256, encrypted rsa, and sign file.txt */
Bkjia @ bkjia :~ /Test $ openssl dgst-sign RSA. pem-sha256-out sign.txt file.txt
/* Use the RSA key to verify the signature (prverify parameter). The verification is successful */
Bkjia @ bkjia :~ /Test $ openssl dgst-prverify RSA. pem-sha256-signature sign.txt file.txt
Verified OKt
/* Extract the public key from the key */
Bkjia @ bkjia :~ /Test $ openssl rsa-in RSA. pem-out pub. pem-pubout
Writing RSA key
/* Use the RSA public key to verify the signature (The verify parameter). The verification is successful */
Bkjia @ bkjia :~ /Test $ openssl dgst-verify pub. pem-sha256-signature sign.txt file.txt
Verified OK
3. Use the DSA key for Signature Verification
/* Use the dsaalgorithm to extract the algorithm sha256 and sign file.txt */
Bkjia @ bkjia :~ /Test $ openssl dgst-sign DSA. pem-sha256-out sign.txt file.txt
/* Use the DSA key to verify the signature */
Bkjia @ bkjia :~ /Test $ openssl dgst-prverify DSA. pem-sha256-signature sign.txt file.txt
Verified OK
/* Use the dsaalgorithm to extract the algorithm dss1,sign file.txt */
Bkjia @ bkjia :~ /Test $ openssl dgst-sign DSA. pem-dss1-out sign1.txt file.txt
/* Use the DSA key to verify the signature */
Bkjia @ bkjia :~ /Test $ openssl dgst-prverify DSA. pem-dss1-signature sign1.txt file.txt
Verified OK
/* Extract the Public Key */
Bkjia @ bkjia :~ /Test $ openssl dsa-in DSA. pem-out pub. pem-pubout
Read DSA key
Writing DSA key
/* Use the DSA public key to verify the signature */
Bkjia @ bkjia :~ /Test $ openssl dgst-verify pub. pem-dss1-signature sign1.txt file.txt
Verified OK
/* Use the DSA public key to verify the signature */
Bkjia @ bkjia :~ /Test $ openssl dgst-verify pub. pem-sha256-signature sign.txt file.txt
Verified OK
Bkjia @ bkjia :~ /Test $
According to the dgst man manual, if you use the DSA Algorithm for signature verification, you must use the dss1 Digest algorithm. However, this experiment demonstrates that other digest algorithms can also be used for signature verification. I don't understand it here. I hope you can give me some advice ......
4. Use of HMAC
MAC message authentication code. The construction method can be based on hash or symmetric encryption algorithm. HMAC is based on hash Message Authentication code. Data and keys are used as inputs and abstract information as outputs. They are often used for authentication.
bkjia@bkjia:~/test$ openssl dgst -sha256 -hmac 123456 file.txt HMAC-SHA256(file.txt)= b8e92990b9fc2ac9b58fde06f4738dceb4fb1fc47b4d2234a9c3f152907b333a
For example, a user logs on to a server
1. the server sends a random number to the client.
2. The client uses a random number as the key and user password as the HMAC, and the result is sent to the server.
3. The server removes the Stored User Password and uses the random number and user password as the HMAC. Check whether the user identity is the same according to the HMAC result.
4. Remaining Issues
The meaning of sigopt, mac, and macopt parameters in dgst is the method of use, because no specific example is provided in the doc, which will be supplemented after the openssl source code is studied.
Why can I select another hash algorithm when using the DSA Signature? (the man manual says dss1 is the only one)
There are also the hmac and hmac parameters of dgst. That's right. You are not mistaken. It does provide two identical parameters and the explanations are different. You should study the source code.
Hateful openssl ......
For more information about OpenSSL, see the following links:
Use OpenSSL command line to build CA and Certificate
Install OpenSSL in Ubuntu
Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.
Use OpenSSL to generate certificates in Linux
Use OpenSSL to sign multi-domain certificates
Add a custom encryption algorithm to OpenSSL
OpenSSL details: click here
OpenSSL: click here
This article permanently updates the link address: