OpenSSL Digitally Sign Digest Only


Question

I have a signing server where you can upload a file and it will respond with the digital signature.

It is using openssl dgst -sha256 -sign which works fine.

However, we've had to start signing large files (>1 GB) and the uploads take forever. I had the idea that we could compute the sha256 digest locally and pass just that to the signing server, which would speed things up considerably. However, this seemingly simple task seems crazy hard with openssl. Is there a reason for this?

I found one possible solution here, but it's very complicated compared to the current dgst one-liner and involves generating an ASN1 config file.

Is this really the only way of generating digital signatures with openssl without needing the file present?

Answer

You apparently want an RSA signature, specifically OpenSSL's default of RSASSA-PKCS1v1_5, although your question didn't say so and OpenSSL supports several other signature algorithms. And you ignored the comment linking #9951559 to "Different signatures when using C routines and openssl dgst, rsautl commands", as well as the dupe "Multiple OpenSSL RSA signing methods produce different results" and more linked there.

rsautl

rsautl does not do the ASN.1 DigestInfo encoding at step 2 of rfc8017 et pred 9.2, but since 1.0.0 in 2010 pkeyutl does if you specify the digest algorithm:

openssl pkeyutl -sign -inkey privkey.pem -pkeyopt digest:sha256
# note input is binary; if you transport to the server as hex, use
# xxd -r -p or the printf $(echo $x | sed 's/../\\x&/g') hack or similar
# output is also binary by default, like rsautl which you seem to handle

Or the same section of PKCS1 (rfc8017 et pred) has constant prefix values for all standard hash-with-RSA schemes, which is still simpler than working out DER.

