openssl/RSA-使用公钥解密 [英] openssl/RSA - Using a Public key to decrypt

问题描述

我希望保护我要维护的运行Linux的小型设备的软件更新过程.我想生成更新包内容的md5sum，然后使用私钥对该哈希进行加密，然后再将其发送给客户.当他们加载更新时，设备应随后解密哈希，对其进行验证，然后继续安装软件包.

I'm looking to secure the software update procedure for a little device I'm maintaining that runs Linux. I want to generate an md5sum of the update package's contents and then encrypt that hash with a private key before sending it out to the customer. When they load the update, the device should then decrypt the hash, verify it, and proceed with installation of the package.

我正在尝试使用OpenSSL和RSA进行此操作.我发现此线程，因此不建议这样做.然后，我发现此线程，并想知道Perl如何绕过据称这一切都是不可能的.我正在用C进行此操作，所以也许某个地方的SSL库中有一个并行函数?

I'm trying to do this with OpenSSL and RSA. I found this thread, and was discouraged. I then found this thread and wondered how Perl gets around the purported impossibility of it all. I'm doing this in C, so perhaps there's a parallel function in an SSL library somewhere?

所以我的问题确实是:我可以强制命令行Linux将公共密钥用作解密输入，或者也许使用C来规避该限制吗?

So my question really is: can I force command line Linux to take a public key as the decryption input, or perhaps use C to circumvent that limitation?

谢谢，全部.

推荐答案

假设您已使用openssl genrsa生成了公共和私有RSA密钥:

Let's assume you have generated a public and private RSA key using openssl genrsa:

$ openssl genrsa -out mykey
Generating RSA private key, 512 bit long modulus
...++++++++++++
..........++++++++++++
e is 65537 (0x10001)
$ openssl rsa -in mykey -pubout -out mykey.pub
writing RSA key

您可以使用如下私钥签名:

You can sign something with the private key like this:

$ md5sum myfile | openssl rsautl -inkey mykey -sign > checksum.signed

您可以使用公钥验证此数据:

You can verify this data using the public key:

$ openssl rsautl -inkey mykey.pub -pubin -in checksum.signed
df713741d8e92b15977ccd6e019730a5  myfile

这是您要找的吗?

这篇关于openssl/RSA-使用公钥解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！