Digital Signatures with Asymmetric Encryption

G5 Cyber Security

2 weeks ago

TL;DR

This guide shows you how to create and verify digital signatures using asymmetric encryption (public/private key pairs). This proves a message’s origin and that it hasn’t been tampered with.

What You Need

A computer
OpenSSL installed. Most Linux distributions have this by default. For Windows, you can download it from the OpenSSL website.

Step 1: Generate a Key Pair

First, we need to create a public and private key pair for the sender (you). The private key is kept secret, and the public key can be shared.

openssl genrsa -out private.pem 2048

This creates a 2048-bit RSA private key named private.pem. Don’t share this file!

openssl rsa -in private.pem -pubout -out public.pem

This extracts the public key from your private key and saves it as public.pem.

Step 2: Create a Digital Signature

Now, let’s sign a message. We’ll use OpenSSL to do this.

a) Create the Message File

Create a text file named message.txt containing the message you want to sign. For example:

echo "This is my important message." > message.txt

b) Sign the Message

Use OpenSSL to create the signature.

openssl dgst -sha256 -sign private.pem -out signature.bin message.txt

This command does the following:

dgst: The digest (hashing) tool.
-sha256: Use the SHA256 hashing algorithm. This is a common and secure choice.
-sign private.pem: Sign the message using your private key.
-out signature.bin: Save the signature to a file named signature.bin.
message.txt: The file containing the message you’re signing.

Step 3: Verify the Signature

To verify the signature, we need the original message, the public key, and the signature file.

a) Verification Command

openssl dgst -sha256 -verify public.pem -signature signature.bin message.txt

This command does the following:

-verify public.pem: Verify the signature using your public key.
-signature signature.bin: The file containing the digital signature.
message.txt: The original message file.

b) Interpreting the Results

If the signature is valid, you’ll see:

Verified OK

If the signature is invalid (e.g., the message has been altered or a different private key was used), you’ll get an error message.

Important Considerations

Keep your private key safe! Anyone with access to your private key can forge signatures in your name.
Hashing Algorithm: SHA256 is generally considered secure, but newer algorithms like SHA3-256 are also available.
Key Length: 2048 bits is a good starting point for RSA keys. You can use larger key sizes (e.g., 4096 bits) for increased security, but this will increase processing time.