OpenSSL dgst command (with examples)
OpenSSL is a widely used open-source cryptographic toolkit and library. One of its subcommands, openssl dgst, computes message digests of files and uses those digests for signing and signature verification. In this article, we will explore different use cases of the openssl dgst command and provide code examples for each use case.
Use Case 1: Calculate the SHA256 digest for a file
The openssl dgst command can be used to calculate the SHA256 digest of a file. SHA256 produces a 256-bit hash value. It is designed so that finding two different inputs with the same digest is computationally infeasible, which is why the digest can stand in for the file when checking integrity; any change to the input, even a single bit, produces a completely different digest. The following command calculates the SHA256 digest of a file and saves the result to a specific file:
openssl dgst -sha256 -binary -out output_file input_file
-sha256: specifies that the SHA256 algorithm should be used.
-binary: outputs the digest as raw bytes (32 bytes for SHA256) instead of the default hexadecimal text.
-out output_file: specifies the path to the file where the digest value will be saved.
input_file: specifies the path to the input file for which the digest value should be calculated.
Example Output:
The command openssl dgst -sha256 -binary -out digest.bin input.txt calculates the SHA256 digest of the file input.txt and saves the 32-byte binary digest to the file digest.bin. Without -binary and -out, the digest is printed to standard output as hexadecimal text in the form SHA256(input.txt)= <hex digest>; with -r it is printed in the coreutils style <hex digest> *input.txt, which is convenient for comparing against sha256sum output. Note that a digest on its own only detects accidental or unauthenticated modification: anyone who can alter the file can recompute its digest, so the reference value must come from a trusted source, or the file must be signed as in the following use cases.
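As an added example (not code from the original page), the following POSIX shell script computes the SHA256 digest of a constructed file with openssl dgst, shows the default text, coreutils (-r) and raw (-binary) output formats, and compares the digest with an expected value. It requires the openssl command-line tool; the file names and function names are assumptions for this example.

```bash
#!/bin/sh
# Added example, not code from the original page: compute the SHA-256 digest
# of a constructed file with openssl dgst, show the text, coreutils and raw
# binary output formats, and compare the result with an expected value.
# Requires the openssl CLI; file names are assumptions for this example.
set -eu

# sha256_hex FILE: print the SHA-256 of FILE as lowercase hex.
# With -r the output is "<hex> *<file>" (coreutils style), so the first
# whitespace-separated field is the digest.
sha256_hex() {
    openssl dgst -sha256 -r "$1" | awk '{print $1}'
}

# sha256_binary_hex FILE: the same digest obtained with -binary, which writes
# the raw 32 bytes; re-encode them as hex with od to show they are identical.
sha256_binary_hex() {
    openssl dgst -sha256 -binary "$1" | od -An -v -tx1 | tr -d ' \n'
}

# verify_sha256 FILE EXPECTED_HEX: exit 0 if the digest of FILE equals
# EXPECTED_HEX (case-insensitive, since tools differ in case), else 1.
verify_sha256() {
    actual=$(sha256_hex "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

demo_digest() {
    tmp=$(mktemp -d)
    # Constructed input: the message "abc" (no newline), whose SHA-256 is the
    # published FIPS 180 test vector ba7816bf...f20015ad.
    printf 'abc' > "$tmp/input.txt"
    echo "default text output:";   openssl dgst -sha256 "$tmp/input.txt"
    echo "coreutils output (-r):"; openssl dgst -sha256 -r "$tmp/input.txt"
    echo "raw bytes (-binary), shown as hex: $(sha256_binary_hex "$tmp/input.txt")"
    if verify_sha256 "$tmp/input.txt" \
        ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad; then
        echo "digest matches the expected value"
    else
        echo "digest MISMATCH: file was modified or the expected value is wrong"
    fi
    rm -rf "$tmp"
}
demo_digest
```

The comparison is done in verify_sha256 so that the script can be reused as a guard in a build or download step: the function's exit status is 0 only when the digest matches, and the expected value should come from a channel you trust rather than from alongside the file.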
Use Case 2: Sign a file using an RSA key
The openssl dgst command can also be used to sign a file with an RSA private key. Internally it hashes the file with the chosen digest algorithm and then signs that digest, which provides both integrity and origin authentication: only the holder of the private key can produce a signature that verifies under the corresponding public key. The following command signs a file using an RSA key with PSS padding and saves the signature to a specific file:
openssl dgst -sign private_key_file -sha256 -sigopt rsa_padding_mode:pss -out output_file input_file
-sign private_key_file: specifies the path to the private key file to be used for signing.
-sha256: specifies that the SHA256 algorithm should be used for digest calculation.
-sigopt rsa_padding_mode:pss: selects RSA-PSS padding instead of the default PKCS#1 v1.5 padding. PSS is the scheme recommended for new designs; it uses a random salt, so signing the same file twice yields two different signatures that both verify.
-out output_file: specifies the path to the file where the signature will be saved.
input_file: specifies the path to the file that needs to be signed.
Example Output:
The command openssl dgst -sign private_key.pem -sha256 -sigopt rsa_padding_mode:pss -out signature.bin input.txt signs the file input.txt using the RSA private key private_key.pem and saves the signature to the file signature.bin. The signature file is binary; if it must travel in a text format, encode it separately (for example with openssl base64). If the private key is passphrase-protected, openssl dgst prompts for the passphrase. If you additionally pin the PSS salt length with -sigopt rsa_pss_saltlen:<value>, the verifier must be given the same setting.
Use Case 3: Verify an RSA signature
To check the integrity and origin of a signed file, the openssl dgst command can verify the RSA signature using the signer's public key. The digest algorithm and the -sigopt settings must be the ones used at signing time, so state the digest explicitly rather than relying on the default, which differs across OpenSSL versions. The following command verifies an RSA-PSS signature:
openssl dgst -sha256 -verify public_key_file -signature signature_file -sigopt rsa_padding_mode:pss signature_message_file
-sha256: specifies the digest algorithm that was used when the signature was created.
-verify public_key_file: specifies the path to the public key file used for verification.
-signature signature_file: specifies the path to the file containing the signature to be verified.
-sigopt rsa_padding_mode:pss: specifies the RSA padding mode (must match the padding mode used during signing).
signature_message_file: specifies the path to the file containing the original signed message.
Example Output:
The command openssl dgst -sha256 -verify public_key.pem -signature signature.bin -sigopt rsa_padding_mode:pss input.txt verifies the RSA signature in the file signature.bin using the RSA public key public_key.pem against the file input.txt. On success the command prints Verified OK and exits with status 0; otherwise it reports a verification failure and exits with a non-zero status, so scripts should check the exit status rather than parse the text. Any change to input.txt after signing, or a public key that does not correspond to the signing key, causes a failure. A successful verification proves only that the holder of the private key matching public_key.pem signed exactly this content; whether that key belongs to the party you expect must be established separately, for example through a certificate chain or an out-of-band fingerprint check.
Use Case 4: Sign a file using an ECDSA key
The openssl dgst command also supports signing files with an ECDSA key. ECDSA (Elliptic Curve Digital Signature Algorithm) produces signatures that are much shorter than RSA signatures of comparable strength; for the P-256 curve the signature is the pair of 32-byte integers r and s, DER-encoded as a SEQUENCE, typically about 70 bytes. No -sigopt is needed, because the curve is fixed by the key. The following command signs a file using an ECDSA key:
openssl dgst -sign private_key_file -sha256 -out output_file input_file
-sign private_key_file: specifies the path to the ECDSA private key file to be used for signing.
-sha256: specifies that the SHA256 algorithm should be used for digest calculation.
-out output_file: specifies the path to the file where the signature will be saved.
input_file: specifies the path to the file that needs to be signed.
Example Output:
The command openssl dgst -sign private_key.pem -sha256 -out signature.bin input.txt signs the file input.txt using the ECDSA private key private_key.pem and saves the signature to the file signature.bin. ECDSA signing draws a fresh random nonce for every signature, so running the command twice produces two different signature files that both verify. That nonce must be unpredictable and must never repeat: reuse of a nonce across two messages lets anyone holding both signatures recover the private key, so sign only on systems whose random number generator is properly seeded.
Use Case 5: Verify an ECDSA signature
To verify a file signed with an ECDSA key, use the openssl dgst command with the signer's public key. As with RSA, the digest algorithm must match the one used at signing time, so specify it explicitly. The following command verifies an ECDSA signature:
openssl dgst -sha256 -verify public_key_file -signature signature_file signature_message_file
-sha256: specifies the digest algorithm that was used when the signature was created.
-verify public_key_file: specifies the path to the public key file used for verification.
-signature signature_file: specifies the path to the file containing the signature to be verified.
signature_message_file: specifies the path to the file containing the original signed message.
Example Output:
The command openssl dgst -sha256 -verify public_key.pem -signature signature.bin input.txt verifies the ECDSA signature in the file signature.bin using the ECDSA public key public_key.pem against the file input.txt, printing Verified OK and exiting with status 0 on success. The same caveats as for RSA apply: check the exit status in scripts, and establish trust in public_key.pem independently of the signature itself.
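As an added example covering Use Cases 2 through 5 (this is not code from the original page), the following POSIX shell script generates throwaway RSA and ECDSA key pairs, signs a constructed file with each using openssl dgst, and then confirms that verification succeeds for the genuine file and fails both for a tampered copy and under a different public key. It also shows that both RSA-PSS and ECDSA produce a different signature on every run. It requires the openssl command-line tool (1.1.1 or 3.x); all file, key and function names are assumptions for this example.

```bash
#!/bin/sh
# Added example, not code from the original page: generate throwaway RSA and
# ECDSA key pairs, sign a constructed file with openssl dgst the way Use Cases
# 2-5 describe, then confirm that verification succeeds for the genuine file
# and fails for a tampered copy or a different key. Requires the openssl CLI
# (1.1.1 or 3.x); all file and key names are assumptions for this example.
set -eu

# make_keys DIR: two RSA-2048 and two P-256 key pairs (the second of each
# type plays the "wrong key" in the checks below).
make_keys() {
    for n in rsa rsa2; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1/$n.pem" 2>/dev/null
        openssl pkey -in "$1/$n.pem" -pubout -out "$1/$n.pub"
    done
    for n in ec ec2; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$1/$n.pem" 2>/dev/null
        openssl pkey -in "$1/$n.pem" -pubout -out "$1/$n.pub"
    done
}

# sign ALG KEY IN OUT: SHA-256 the file, then sign the digest. For rsa, use
# PSS and pin the salt length to the digest size so the verifier can name
# the identical setting; ec needs no -sigopt because the curve is in the key.
sign() {
    case "$1" in
        rsa) openssl dgst -sha256 -sign "$2" -sigopt rsa_padding_mode:pss \
                 -sigopt rsa_pss_saltlen:digest -out "$4" "$3" ;;
        ec)  openssl dgst -sha256 -sign "$2" -out "$4" "$3" ;;
        *)   return 2 ;;
    esac
}

# verify ALG PUB IN SIG: exit 0 on "Verified OK", non-zero on a verification
# failure or any error. Digest and every -sigopt must match the signing side;
# output is silenced so callers rely on the exit status, not on text.
verify() {
    case "$1" in
        rsa) openssl dgst -sha256 -verify "$2" -sigopt rsa_padding_mode:pss \
                 -sigopt rsa_pss_saltlen:digest -signature "$4" "$3" >/dev/null 2>&1 ;;
        ec)  openssl dgst -sha256 -verify "$2" -signature "$4" "$3" >/dev/null 2>&1 ;;
        *)   return 2 ;;
    esac
}

# roundtrip ALG DIR: returns 0 only if the genuine file verifies, a modified
# file does not, and the signature does not verify under a different key.
roundtrip() {
    alg=$1; dir=$2
    # Constructed input and a one-word tampering of it.
    printf 'pay 1000 to Alice\n' > "$dir/input.txt"
    printf 'pay 1000 to Bob\n'   > "$dir/tampered.txt"
    sign "$alg" "$dir/$alg.pem" "$dir/input.txt" "$dir/sig.$alg" || return 1
    verify "$alg" "$dir/$alg.pub" "$dir/input.txt" "$dir/sig.$alg" || return 1
    if verify "$alg" "$dir/$alg.pub" "$dir/tampered.txt" "$dir/sig.$alg"; then return 1; fi
    if verify "$alg" "$dir/${alg}2.pub" "$dir/input.txt" "$dir/sig.$alg"; then return 1; fi
    return 0
}

# signatures_differ ALG DIR: PSS (random salt) and ECDSA (random nonce) both
# produce a different signature each run, so a signature is not a stable
# identifier for a file; only verification is meaningful. Returns 0 if two
# signatures of the same input differ.
signatures_differ() {
    printf 'same message\n' > "$2/m.txt"
    sign "$1" "$2/$1.pem" "$2/m.txt" "$2/s1.$1" || return 2
    sign "$1" "$2/$1.pem" "$2/m.txt" "$2/s2.$1" || return 2
    if cmp -s "$2/s1.$1" "$2/s2.$1"; then return 1; else return 0; fi
}

main() {
    dir=$(mktemp -d)
    make_keys "$dir"
    for alg in rsa ec; do
        if roundtrip "$alg" "$dir"; then echo "$alg: genuine verifies; tampered file and wrong key rejected"; fi
        if signatures_differ "$alg" "$dir"; then echo "$alg: signatures are randomized"; fi
    done
    rm -rf "$dir"
}
main
```

The verify function deliberately suppresses OpenSSL's output and returns only the exit status; in automation that is the value to branch on, since the message text differs between versions. The tampered-file and wrong-key checks are the two failure modes a signature is meant to catch, and the script treats a verification that unexpectedly succeeds as an error, which is the right default when wiring signature checks into a deployment pipeline.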
Conclusion
In this article, we explored different use cases of the openssl dgst command and provided code examples for each use case. The openssl dgst command is a versatile tool for generating digest values and performing signature operations. By using it you can check data integrity with a digest, and, by signing with a private key and verifying with the matching public key, authenticate the origin of messages or files. Keep in mind that a digest alone does not prove origin, that digest and padding settings must match on both sides of a signature, and that trust in the public key itself must be established outside of openssl dgst.