Génération de la clef privée
openssl genrsa -out priv.pem 4096
Génération de la clef publique
openssl rsa -in priv.pem -pubout -out public.pem
openssl dgst -sha256 -sign priv.pem -out plop.txt.sha256 plop.txt
openssl base64 -in plop.txt.sha256 -out /tmp/plop.txt.sign
openssl base64 -d -in plop.txt.sign -out /tmp/plop.txt.sha256
openssl dgst -sha256 -verify public.pem -signature plop.txt.sha256 plop.txt
Ce script crée un fichier contenant une date. Ce fichier date est signé.
La signature est vérifiée. Un délai est défini au-delà duquel il est considéré comme expiré.
poc_crypto_sign.sh
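#! /bin/bash
#
# poc_crypto_sign.sh — proof of concept: write the current epoch time into
# DATA_FILE, sign it with an RSA private key, then verify the signature and
# reject the timestamp when it lies in the future or is older than DELAY seconds.
#
# Globals:
#   DELAY          maximum accepted age of the signed timestamp, in seconds
#   KEY_PRIV       RSA private key (PEM) used by enc_sign
#   KEY_PUB        RSA public key (PEM) used by enc_verif_sign
#   SIGN_FILE      base64-encoded signature of DATA_FILE
#   TMP_SIGN_FILE  scratch file holding the raw (binary) signature
#   DATA_FILE      file holding the epoch timestamp that gets signed
set -o nounset

DELAY=60
KEY_PRIV=priv.pem
KEY_PUB=public.pem
SIGN_FILE=plop.txt.sign
DATA_FILE=plop.txt
# The raw signature is decoded into a scratch file that the verify step then
# reads. A fixed, predictable name under the shared /tmp would let any other
# local user pre-create or swap that file between the decode and the verify,
# so use a private mktemp file instead and remove it on every exit path.
TMP_SIGN_FILE=$(mktemp) || { printf '%s\n' "Error. mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$TMP_SIGN_FILE"' EXIT

#######################################
# Generate a 4096-bit RSA private key into KEY_PRIV.
# Returns: openssl's exit status
#######################################
enc_create_key_priv() {
  openssl genrsa -out "$KEY_PRIV" 4096
}

#######################################
# Derive the public key KEY_PUB from KEY_PRIV.
# Returns: openssl's exit status
#######################################
enc_create_key_pub() {
  openssl rsa -in "$KEY_PRIV" -pubout -out "$KEY_PUB"
}

#######################################
# Sign DATA_FILE (SHA-256, RSA with KEY_PRIV) and store the signature,
# base64-encoded, in SIGN_FILE.
# Returns: 0 on success, 1 when signing or encoding fails
#######################################
enc_sign() {
  # Stop before encoding: otherwise a failed signing step would silently
  # base64 whatever stale content the scratch file held.
  openssl dgst -sha256 -sign "$KEY_PRIV" -out "$TMP_SIGN_FILE" "$DATA_FILE" \
    || return 1
  openssl base64 -in "$TMP_SIGN_FILE" -out "$SIGN_FILE" || return 1
}

#######################################
# Print a message on stderr and terminate the script.
# Arguments: $1 - exit code; remaining arguments - message
#######################################
err() {
  local err_code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$err_code"
}

#######################################
# Decode SIGN_FILE into TMP_SIGN_FILE and verify it against DATA_FILE with
# KEY_PUB. Terminates the script (exit 1) when decoding or verification fails.
#######################################
enc_verif_sign() {
  # A decode failure previously went unchecked and left an empty or stale
  # scratch file for the verify step; treat it as a verification failure.
  openssl base64 -d -in "$SIGN_FILE" -out "$TMP_SIGN_FILE" \
    || err 1 "Error. Sign. Verification Failure"
  if ! openssl dgst -sha256 -verify "$KEY_PUB" -signature "$TMP_SIGN_FILE" \
      "$DATA_FILE" > /dev/null; then
    err 1 "Error. Sign. Verification Failure"
  fi
}

#######################################
# Print the current time as seconds since the Unix epoch.
#######################################
date_epoch() {
  date +%s
}

#######################################
# Print the contents of DATA_FILE (the signed timestamp), one trailing newline.
#######################################
read_date_file() {
  printf '%s\n' "$(cat -- "$DATA_FILE")"
}

#######################################
# Write the current epoch time into DATA_FILE and sign it.
# Returns: enc_sign's exit status
#######################################
create_date_file() {
  date_epoch > "$DATA_FILE"
  enc_sign
}

#######################################
# Verify the signature, then check that the signed timestamp is neither in
# the future nor older than DELAY seconds. Prints "OK" on success.
# Exits: 1 bad signature or unreadable/invalid date file,
#        2 timestamp in the future, 3 timestamp expired
#######################################
check_date() {
  enc_verif_sign
  local epoch_file epoch_now
  epoch_file=$(read_date_file) || err 1 "Error. Cannot read date file"
  # Accept only a plain decimal before doing arithmetic: `local -i` and
  # (( )) evaluate their operand as an expression, so arbitrary file content
  # must never reach them, even though the file's signature was just checked.
  [[ "$epoch_file" =~ ^[0-9]+$ ]] || err 1 "Error. Invalid date file"
  epoch_now=$(date_epoch)
  echo "DEBUG: $epoch_file > $(( epoch_now - DELAY ))"
  if (( epoch_file > epoch_now )); then
    err 2 "Error. Time in futur"
  elif (( epoch_file < epoch_now - DELAY )); then
    err 3 "Error. Expired"
  else
    echo "OK"
  fi
}

# NOTE(review): the original call list was collapsed onto one line; which of
# these steps are commented out was reconstructed — confirm against the
# intended workflow (key creation and signing appear to be one-off steps).
#enc_create_key_priv
#enc_create_key_pub
#create_date_file
#enc_sign
enc_verif_sign
read_date_file
check_date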