* Generating and verifying digital signatures with OpenSSL [#b9c12887]
#contents
-- Related
--- [[Certificate verification for HTTPS connections in Java>Javaでhttps通信時の証明書検証について]]
--- [[Client authentication with Apache + OpenSSL>Apache+openSSLでクライアント認証]]
--- [[Sending HTTPS requests with client authentication>クライアント認証付きのHTTPSリクエスト発行]]
--- [[SSL (SNI) configuration in Apache>ApacheでSSL(SNI)設定]]

** Generate the private key [#a49628e1]
#html(<div style="padding-left:10px;">)
#myterm2(){{
openssl genrsa 1024 > private-key.pem
}}
1024-bit RSA is no longer considered adequate; use 2048 bits or more for keys outside of testing.
#html(</div>)

** Generate the public key [#kc86eef3]
#html(<div style="padding-left:10px;">)
#myterm2(){{
openssl rsa -in private-key.pem -pubout -out public-key.pem
}}
#html(</div>)

** Create the message [#o69bfe76]
#html(<div style="padding-left:10px;">)
#myterm2(){{
echo 'test message!!' > test.txt
}}
#html(</div>)

** Generate the digital signature [#f4a9d067]
#html(<div style="padding-left:10px;">)
#myterm2(){{
openssl dgst -sha256 -sign private-key.pem test.txt > signature.dat
}}
#html(</div>)

** Verify the digital signature (OpenSSL) [#gf48440c]
#html(<div style="padding-left:10px;">)
#myterm2(){{
openssl dgst -sha256 -verify public-key.pem -signature signature.dat test.txt
}}
#html(</div>)

** Verify the digital signature (Python) [#d25ed8e9]
#html(<div style="padding-left:10px;">)

*** Install pyopenssl [#ld5e92f3]
#html(<div style="padding-left:10px;">)
#myterm2(){{
pip install pyopenssl -t .
}}
#html(</div>)

*** Signature verification [#pf096f1a]
#html(<div style="padding-left:10px;">)
#mycode2(){{
from OpenSSL.crypto import X509
from OpenSSL.crypto import load_publickey as ssl_load_publickey
from OpenSSL.crypto import verify as ssl_verify
from OpenSSL.crypto import FILETYPE_PEM
from OpenSSL.crypto import Error as SSL_Error

# Load the public key and attach it to an empty X509 object,
# because verify() expects a certificate rather than a bare key
certificate = X509()
with open("public-key.pem", "rb") as f:
    cleartextPublicKeyPEM = f.read()
certificate.set_pubkey(ssl_load_publickey(FILETYPE_PEM, cleartextPublicKeyPEM))

# Load the signature
with open("signature.dat", "rb") as f:
    signature = f.read()

# Load the message as bytes, exactly as it was signed
with open("test.txt", "rb") as f:
    message = f.read()

# Verify the signature with the public key
try:
    ssl_verify(certificate, signature, message, "sha256")
    print("verify OK!")
except SSL_Error:
    print("verify Error!!")
}}
`OpenSSL.crypto.verify` has been deprecated by the pyOpenSSL project in favour of the signature APIs of the `cryptography` package, so this code needs a pyOpenSSL release that still provides it.

Reference: https://pyopenssl.org/en/stable/api/crypto.html#signing-and-verifying-signatures
#html(</div>)
#html(</div>)
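What `openssl dgst -sha256 -sign` and `-verify` compute for an RSA key in the steps above, as an added example that is not part of the original page: RSASSA-PKCS1-v1_5 with SHA-256, written with the Python standard library only. The key `N`/`E`/`D` is a constructed, insecure demo key built from two known Mersenne primes, the function names are chosen here, and the sketch does not parse PEM files.

```python
import hashlib
import hmac

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15_sha256(message: bytes, k: int) -> bytes:
    """Build the k-byte encoding 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_verify(n: int, e: int, message: bytes, signature: bytes) -> bool:
    """RSASSA-PKCS1-v1_5 verification: s^e mod n must equal the expected encoding."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Compare with a freshly built encoding instead of parsing the padding;
    # lenient padding parsers have led to signature forgery bugs.
    return hmac.compare_digest(recovered, emsa_pkcs1_v15_sha256(message, k))

def rsa_sign(n: int, d: int, message: bytes) -> bytes:
    """Plain private-key operation, present only so the demo has a signature."""
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_sha256(message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")

# Constructed demo key from two publicly known Mersenne primes.
# NOT secure: it only stands in for private-key.pem / public-key.pem.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+

if __name__ == "__main__":
    msg = b"test message!!\n"  # the bytes `echo 'test message!!'` writes
    sig = rsa_sign(N, D, msg)
    print(rsa_verify(N, E, msg, sig))                  # genuine message
    print(rsa_verify(N, E, b"test message!?\n", sig))  # altered message
```

Any change to the message or to a single signature byte makes the recovered encoding differ, which is the condition the OpenSSL and pyOpenSSL verifications report as a failure.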