openssl / RSA - 使用公钥解密
[英]openssl/RSA - Using a Public key to decrypt
问题描述
I'm looking to secure the software update procedure for a little device I'm maintaining that runs Linux. 
我正在寻找一个我维护运行Linux的小设备的软件更新程序。 I want to generate an md5sum of the update package's contents and then encrypt that hash with a private key before sending it out to the customer. 我想生成更新包内容的md5sum,然后使用私钥加密该哈希值,然后再将其发送给客户。 When they load the update, the device should then decrypt the hash, verify it, and proceed with installation of the package. 当他们加载更新时,设备应该解密哈希,验证它,然后继续安装包。
I'm trying to do this with OpenSSL and RSA. 我正在尝试使用OpenSSL和RSA。 I found this thread, and was discouraged. 我找到了这个帖子,并且气馁了。 I then found this thread and wondered how Perl gets around the purported impossibility of it all. 然后我找到了这个帖子,并想知道Perl是如何解决这一切所谓的不可能性的。 I'm doing this in C, so perhaps there's a parallel function in an SSL library somewhere? 我在C中这样做,所以也许某个地方的SSL库中有并行功能?
So my question really is: can I force command line Linux to take a public key as the decryption input, or perhaps use C to circumvent that limitation? 所以我的问题是:我可以强制命令行Linux将公钥作为解密输入,还是使用C来规避这种限制?
Thanks in advance, all. 所有人都提前谢谢。
1 个解决方案
解决方案1
10 已采纳 2013-01-14 22:24:54
Let's assume you have generated a public and private RSA key using openssl genrsa : 假设您使用openssl genrsa生成了公共和私有RSA密钥:
$ openssl genrsa -out mykey
Generating RSA private key, 512 bit long modulus
...++++++++++++
..........++++++++++++
e is 65537 (0x10001)
$ openssl rsa -in mykey -pubout -out mykey.pub
writing RSA key
You can sign something with the private key like this: 您可以使用私钥签名,如下所示:
$ md5sum myfile | openssl rsautl -inkey mykey -sign > checksum.signed
You can verify this data using the public key: 您可以使用公钥验证此数据:
$ openssl rsautl -inkey mykey.pub -pubin -in checksum.signed
df713741d8e92b15977ccd6e019730a5 myfile
Is this what you're looking for? 这是你在找什么?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.