背景
公開鍵暗号について理解したことを自分の言葉で整理しておきたい。
opensslを使いこなせるようになっておきたい。
※セキュリティの一般的な知識で、当たり前のことを改めて残しているだけです。
参考文献
公開鍵による暗号化と、プライベート鍵による暗号化(デジタル署名)
公開鍵による暗号化では、機密性を担保するために、メッセージを送信する人が「公開鍵」で暗号化するが(画像上側)、
デジタル署名は機密性を担保することが目的ではない(完全性、真正性、否認防止)ため、メッセージを送信する人が「秘密鍵」で暗号化(署名付与)する(画像下側)。
必要なセキュリティ特性を意識して使う必要がある!
※署名付与する場合は、平文メッセージと署名がそのまま送られているので、機密性は担保されていない。
公開鍵暗号(RSA)
RSA_暗号化
- 暗号文 = 平文^E mode N
※RSAの暗号文は、平文を表す数をE乗し、mod Nをとる。
つまり、平文をE回掛けて、その結果をNで割った余り。
→E(Encryption)とN(Number)の組みが公開鍵になる。
RSA_復号化
- 平文 = 暗号文^D mod N
※暗号文を表す数をD乗し、mod Nを取る。
つまり、暗号文をD回掛けて、その結果をNで割った余り。
→D(Decryption)とN(Number)の組みが公開鍵になる。
※暗号化と復号化のNumberは同じ。
RSA 鍵ペア生成
例:
(1)Nを求める
素数p = 17、 q = 19
N = 323
(2)Lを求める(L = lcm(p-1, q-1)※lcmとは最小公倍数)
p - 1 = 16、q - 1 = 18の最小公倍数が144
(3)Eを求める
EとLの最大公約数が1にならないといけない。(EとLは互いに素)
Eの候補:5, 7, 11, 13, 17, 19, 23...
→E = 5
(4)Dを求める
1 < D < 144
5 × D mod 144 = 1
→ D = 29
→ 145 mod 144 = 1
→公開鍵 = (E = 5, N = 323)
秘密鍵 = (D = 29, N = 323)
平文が100のとき:
暗号文 ^D mod N = 100 ^ 5 mod 323
= 10000000000 mod 323
= 104(暗号文)
暗号文の復号化:
平文 = 暗号文 ^D mod N
= 104^29 mod 323
= (104^10 mod 323) * (104^10 mod 323) * (104^9 mod 323) mod 323
※ 104^10 mod 323 = 123
※ 104^9 mod 323 = 172
= 123 * 123 * 172 mod 323
= 100(平文)
実行結果例(公開鍵による暗号化)
以下のように公開鍵を使ってメッセージを送信するときに暗号化して送ることで、メッセージの機密性を担保することができる。
秘密鍵生成
shota@ 署名検証 % openssl genrsa > test.key
Generating RSA private key, 2048 bit long modulus
.....................................+++++
.............................................................+++++
e is 65537 (0x10001)
shota@ 署名検証 % cat test.key
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2qfAky5kW5QA68VQ8FDslm0TFEUXS+vsLc+7H88YhDqM3P03
Kqa/yPffxx+JXx6tzkWMKBn1lqsT79vDz2P1q79ND4YbA/gFMV4qujxJwbos4j5B
i42APYvO1xEPERJOg+yklkJ4MKrF2dA9F0eO0kMnPHqVU6aZSCwCUzRSEeJJm5iC
WBJBVtJfWqMNh/zkLPSDW4azhQgFUBpAsrcWZc5w+vRDl9QYyteXivdEUcbsDRix
KdaD35q9YqgtvxK9C9eM83WIhg56KxLiBZjXvd9oK+XUadE9U6Mmks0z2ldzYA63
7J0QslzFezNv8iOVUQkbTm5kSFib5oYc+DvAQwIDAQABAoIBAGz2WeY+oS5t1AOq
QcpwWWYhFvfr8k8YU4sE0Rhp6KrETrw1x48Op9YriC2/zoJDVJPNXqoBPbyGppnK
J4srIhsjavCIgN/6cgQHDD3gm1TaRVG9eoZjzntdN4c/bgWw3MWrYN2sZB7Ei3Ie
7sKyGz82zc+6ur2D8TDhFYuHMDrOYLZiKfYc8+bypWZerSR0MmvbIdXdRLyhf1Tk
m78Ks4sYs57MiH6o0T8jKlynHnnuj7ZUc4rHXU0FXqtxC0e54toOlNQThCsgVi8T
yBJ2lXXQiU7HLB+FirwZdSICcVlnSPF/3J4/OQsDoxKROADWna2563pUwlmK15MH
L5qskjECgYEA9J8/KI8/PT+GThUSZxErCm6sv3UNu2ApN+aPGdNbDC8cZMZkkBPQ
NGeujYXQHdoqyqpBU57oq+AJAD0+4qQZLAR4Gf0zSUAwvUWpdyVcjhq1c6jT7OmZ
zJvAJlOTT5mdxz3PHVsuw6Aopiy/DKHpopO1EVRebm0Vm3nC5yF4AOkCgYEA5NNQ
p7CckbIUx361KIdROHTUHAeG6NAEEzo29+gQjsP53e4ncCRBuTp/lrlVn8jRNUwD
mXd/e9xWZTrsLx+bLX66OH0mbReZVAVGnvIWLVZEetrXsB+r5V/xulK/XTIF4lbW
xxEbV9jn+EjRAQptRWkLEW3oIpS+kWp9wW3qHEsCgYEAjPbvqGnT4XGn7XsLHcWw
7dQVTEch4KZrWkFMmW9Iel7zl8cT0Er6ohhVaEyCP5GnMx6lgpCCN/lkdnTUtjom
H018AE3+remFrKxmGbi3+1O82KejaFS9QkFGm09yBl7ZoyUlIx+WdTjn88q5VYhA
YGWJ5DCgMjY+S1gBTrvksXECgYEA1/WHvXu1iNvlOJKhLurnAL1iIkIIVVldPzhG
AJqIZfUXsRi/J9tQHBzVpc6svOyuZfqjuwdIzgEZmNiPZ7oQnlNoNUAIMBWBpAaG
rCQWQhuU7c30mkiJ1yVB4nOOH8rCOudyNNY0VChmZbFzb+QDVOrag0yTNW/kmyFC
Jngx5xkCgYBHHmwZUk/R1TdX+dm5rDXrsq1J1zevfqvmlCY2qYGcKyuftdAs3p0S
VoDSM9OzRoirWwhgCgqsBvzdyyvfFpDf+XUUfEqg7FdhcCqyyWH2T7tXcC95+rhL
5MTxTZpGApL80wQ2NQGAaICMoDCLgsW2KThhB2dIgJLOoLYYKX39xg==
-----END RSA PRIVATE KEY-----
shota@ 署名検証 % openssl rsa -text < test.key
RSA Private-Key: (2048 bit)
modulus:
00:da:a7:c0:93:2e:64:5b:94:00:eb:c5:50:f0:50:
ec:96:6d:13:14:45:17:4b:eb:ec:2d:cf:bb:1f:cf:
18:84:3a:8c:dc:fd:37:2a:a6:bf:c8:f7:df:c7:1f:
89:5f:1e:ad:ce:45:8c:28:19:f5:96:ab:13:ef:db:
c3:cf:63:f5:ab:bf:4d:0f:86:1b:03:f8:05:31:5e:
2a:ba:3c:49:c1:ba:2c:e2:3e:41:8b:8d:80:3d:8b:
ce:d7:11:0f:11:12:4e:83:ec:a4:96:42:78:30:aa:
c5:d9:d0:3d:17:47:8e:d2:43:27:3c:7a:95:53:a6:
99:48:2c:02:53:34:52:11:e2:49:9b:98:82:58:12:
41:56:d2:5f:5a:a3:0d:87:fc:e4:2c:f4:83:5b:86:
b3:85:08:05:50:1a:40:b2:b7:16:65:ce:70:fa:f4:
43:97:d4:18:ca:d7:97:8a:f7:44:51:c6:ec:0d:18:
b1:29:d6:83:df:9a:bd:62:a8:2d:bf:12:bd:0b:d7:
8c:f3:75:88:86:0e:7a:2b:12:e2:05:98:d7:bd:df:
68:2b:e5:d4:69:d1:3d:53:a3:26:92:cd:33:da:57:
73:60:0e:b7:ec:9d:10:b2:5c:c5:7b:33:6f:f2:23:
95:51:09:1b:4e:6e:64:48:58:9b:e6:86:1c:f8:3b:
c0:43
publicExponent: 65537 (0x10001)
privateExponent:
6c:f6:59:e6:3e:a1:2e:6d:d4:03:aa:41:ca:70:59:
66:21:16:f7:eb:f2:4f:18:53:8b:04:d1:18:69:e8:
aa:c4:4e:bc:35:c7:8f:0e:a7:d6:2b:88:2d:bf:ce:
82:43:54:93:cd:5e:aa:01:3d:bc:86:a6:99:ca:27:
8b:2b:22:1b:23:6a:f0:88:80:df:fa:72:04:07:0c:
3d:e0:9b:54:da:45:51:bd:7a:86:63:ce:7b:5d:37:
87:3f:6e:05:b0:dc:c5:ab:60:dd:ac:64:1e:c4:8b:
72:1e:ee:c2:b2:1b:3f:36:cd:cf:ba:ba:bd:83:f1:
30:e1:15:8b:87:30:3a:ce:60:b6:62:29:f6:1c:f3:
e6:f2:a5:66:5e:ad:24:74:32:6b:db:21:d5:dd:44:
bc:a1:7f:54:e4:9b:bf:0a:b3:8b:18:b3:9e:cc:88:
7e:a8:d1:3f:23:2a:5c:a7:1e:79:ee:8f:b6:54:73:
8a:c7:5d:4d:05:5e:ab:71:0b:47:b9:e2:da:0e:94:
d4:13:84:2b:20:56:2f:13:c8:12:76:95:75:d0:89:
4e:c7:2c:1f:85:8a:bc:19:75:22:02:71:59:67:48:
f1:7f:dc:9e:3f:39:0b:03:a3:12:91:38:00:d6:9d:
ad:b9:eb:7a:54:c2:59:8a:d7:93:07:2f:9a:ac:92:
31
prime1:
00:f4:9f:3f:28:8f:3f:3d:3f:86:4e:15:12:67:11:
2b:0a:6e:ac:bf:75:0d:bb:60:29:37:e6:8f:19:d3:
5b:0c:2f:1c:64:c6:64:90:13:d0:34:67:ae:8d:85:
d0:1d:da:2a:ca:aa:41:53:9e:e8:ab:e0:09:00:3d:
3e:e2:a4:19:2c:04:78:19:fd:33:49:40:30:bd:45:
a9:77:25:5c:8e:1a:b5:73:a8:d3:ec:e9:99:cc:9b:
c0:26:53:93:4f:99:9d:c7:3d:cf:1d:5b:2e:c3:a0:
28:a6:2c:bf:0c:a1:e9:a2:93:b5:11:54:5e:6e:6d:
15:9b:79:c2:e7:21:78:00:e9
prime2:
00:e4:d3:50:a7:b0:9c:91:b2:14:c7:7e:b5:28:87:
51:38:74:d4:1c:07:86:e8:d0:04:13:3a:36:f7:e8:
10:8e:c3:f9:dd:ee:27:70:24:41:b9:3a:7f:96:b9:
55:9f:c8:d1:35:4c:03:99:77:7f:7b:dc:56:65:3a:
ec:2f:1f:9b:2d:7e:ba:38:7d:26:6d:17:99:54:05:
46:9e:f2:16:2d:56:44:7a:da:d7:b0:1f:ab:e5:5f:
f1:ba:52:bf:5d:32:05:e2:56:d6:c7:11:1b:57:d8:
e7:f8:48:d1:01:0a:6d:45:69:0b:11:6d:e8:22:94:
be:91:6a:7d:c1:6d:ea:1c:4b
exponent1:
00:8c:f6:ef:a8:69:d3:e1:71:a7:ed:7b:0b:1d:c5:
b0:ed:d4:15:4c:47:21:e0:a6:6b:5a:41:4c:99:6f:
48:7a:5e:f3:97:c7:13:d0:4a:fa:a2:18:55:68:4c:
82:3f:91:a7:33:1e:a5:82:90:82:37:f9:64:76:74:
d4:b6:3a:26:1f:4d:7c:00:4d:fe:ad:e9:85:ac:ac:
66:19:b8:b7:fb:53:bc:d8:a7:a3:68:54:bd:42:41:
46:9b:4f:72:06:5e:d9:a3:25:25:23:1f:96:75:38:
e7:f3:ca:b9:55:88:40:60:65:89:e4:30:a0:32:36:
3e:4b:58:01:4e:bb:e4:b1:71
exponent2:
00:d7:f5:87:bd:7b:b5:88:db:e5:38:92:a1:2e:ea:
e7:00:bd:62:22:42:08:55:59:5d:3f:38:46:00:9a:
88:65:f5:17:b1:18:bf:27:db:50:1c:1c:d5:a5:ce:
ac:bc:ec:ae:65:fa:a3:bb:07:48:ce:01:19:98:d8:
8f:67:ba:10:9e:53:68:35:40:08:30:15:81:a4:06:
86:ac:24:16:42:1b:94:ed:cd:f4:9a:48:89:d7:25:
41:e2:73:8e:1f:ca:c2:3a:e7:72:34:d6:34:54:28:
66:65:b1:73:6f:e4:03:54:ea:da:83:4c:93:35:6f:
e4:9b:21:42:26:78:31:e7:19
coefficient:
47:1e:6c:19:52:4f:d1:d5:37:57:f9:d9:b9:ac:35:
eb:b2:ad:49:d7:37:af:7e:ab:e6:94:26:36:a9:81:
9c:2b:2b:9f:b5:d0:2c:de:9d:12:56:80:d2:33:d3:
b3:46:88:ab:5b:08:60:0a:0a:ac:06:fc:dd:cb:2b:
df:16:90:df:f9:75:14:7c:4a:a0:ec:57:61:70:2a:
b2:c9:61:f6:4f:bb:57:70:2f:79:fa:b8:4b:e4:c4:
f1:4d:9a:46:02:92:fc:d3:04:36:35:01:80:68:80:
8c:a0:30:8b:82:c5:b6:29:38:61:07:67:48:80:92:
ce:a0:b6:18:29:7d:fd:c6
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2qfAky5kW5QA68VQ8FDslm0TFEUXS+vsLc+7H88YhDqM3P03
Kqa/yPffxx+JXx6tzkWMKBn1lqsT79vDz2P1q79ND4YbA/gFMV4qujxJwbos4j5B
i42APYvO1xEPERJOg+yklkJ4MKrF2dA9F0eO0kMnPHqVU6aZSCwCUzRSEeJJm5iC
WBJBVtJfWqMNh/zkLPSDW4azhQgFUBpAsrcWZc5w+vRDl9QYyteXivdEUcbsDRix
KdaD35q9YqgtvxK9C9eM83WIhg56KxLiBZjXvd9oK+XUadE9U6Mmks0z2ldzYA63
7J0QslzFezNv8iOVUQkbTm5kSFib5oYc+DvAQwIDAQABAoIBAGz2WeY+oS5t1AOq
QcpwWWYhFvfr8k8YU4sE0Rhp6KrETrw1x48Op9YriC2/zoJDVJPNXqoBPbyGppnK
J4srIhsjavCIgN/6cgQHDD3gm1TaRVG9eoZjzntdN4c/bgWw3MWrYN2sZB7Ei3Ie
7sKyGz82zc+6ur2D8TDhFYuHMDrOYLZiKfYc8+bypWZerSR0MmvbIdXdRLyhf1Tk
m78Ks4sYs57MiH6o0T8jKlynHnnuj7ZUc4rHXU0FXqtxC0e54toOlNQThCsgVi8T
yBJ2lXXQiU7HLB+FirwZdSICcVlnSPF/3J4/OQsDoxKROADWna2563pUwlmK15MH
L5qskjECgYEA9J8/KI8/PT+GThUSZxErCm6sv3UNu2ApN+aPGdNbDC8cZMZkkBPQ
NGeujYXQHdoqyqpBU57oq+AJAD0+4qQZLAR4Gf0zSUAwvUWpdyVcjhq1c6jT7OmZ
zJvAJlOTT5mdxz3PHVsuw6Aopiy/DKHpopO1EVRebm0Vm3nC5yF4AOkCgYEA5NNQ
p7CckbIUx361KIdROHTUHAeG6NAEEzo29+gQjsP53e4ncCRBuTp/lrlVn8jRNUwD
mXd/e9xWZTrsLx+bLX66OH0mbReZVAVGnvIWLVZEetrXsB+r5V/xulK/XTIF4lbW
xxEbV9jn+EjRAQptRWkLEW3oIpS+kWp9wW3qHEsCgYEAjPbvqGnT4XGn7XsLHcWw
7dQVTEch4KZrWkFMmW9Iel7zl8cT0Er6ohhVaEyCP5GnMx6lgpCCN/lkdnTUtjom
H018AE3+remFrKxmGbi3+1O82KejaFS9QkFGm09yBl7ZoyUlIx+WdTjn88q5VYhA
YGWJ5DCgMjY+S1gBTrvksXECgYEA1/WHvXu1iNvlOJKhLurnAL1iIkIIVVldPzhG
AJqIZfUXsRi/J9tQHBzVpc6svOyuZfqjuwdIzgEZmNiPZ7oQnlNoNUAIMBWBpAaG
rCQWQhuU7c30mkiJ1yVB4nOOH8rCOudyNNY0VChmZbFzb+QDVOrag0yTNW/kmyFC
Jngx5xkCgYBHHmwZUk/R1TdX+dm5rDXrsq1J1zevfqvmlCY2qYGcKyuftdAs3p0S
VoDSM9OzRoirWwhgCgqsBvzdyyvfFpDf+XUUfEqg7FdhcCqyyWH2T7tXcC95+rhL
5MTxTZpGApL80wQ2NQGAaICMoDCLgsW2KThhB2dIgJLOoLYYKX39xg==
-----END RSA PRIVATE KEY-----
秘密鍵の中身はどういう意味?
modulus: n == p * q
publicExponent: e == 65537 (==0x10001)
privateExponent: d == e^-1 mod LCM(p-1, q-1)
prime1: p
prime2: q
exponent1: d mod (p-1)
exponent2: d mod (q-1)
coefficient: q^(-1) mod p
参照:
RFC 3447
公開鍵生成
shota@ 署名検証 % openssl rsa -pubout < test.key > pubtest.key
writing RSA key
shota@ 署名検証 % cat pubtest.key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qfAky5kW5QA68VQ8FDs
lm0TFEUXS+vsLc+7H88YhDqM3P03Kqa/yPffxx+JXx6tzkWMKBn1lqsT79vDz2P1
q79ND4YbA/gFMV4qujxJwbos4j5Bi42APYvO1xEPERJOg+yklkJ4MKrF2dA9F0eO
0kMnPHqVU6aZSCwCUzRSEeJJm5iCWBJBVtJfWqMNh/zkLPSDW4azhQgFUBpAsrcW
Zc5w+vRDl9QYyteXivdEUcbsDRixKdaD35q9YqgtvxK9C9eM83WIhg56KxLiBZjX
vd9oK+XUadE9U6Mmks0z2ldzYA637J0QslzFezNv8iOVUQkbTm5kSFib5oYc+DvA
QwIDAQAB
-----END PUBLIC KEY-----
shota@ 署名検証 % openssl rsa -text -pubin < pubtest.key
RSA Public-Key: (2048 bit)
Modulus:
00:da:a7:c0:93:2e:64:5b:94:00:eb:c5:50:f0:50:
ec:96:6d:13:14:45:17:4b:eb:ec:2d:cf:bb:1f:cf:
18:84:3a:8c:dc:fd:37:2a:a6:bf:c8:f7:df:c7:1f:
89:5f:1e:ad:ce:45:8c:28:19:f5:96:ab:13:ef:db:
c3:cf:63:f5:ab:bf:4d:0f:86:1b:03:f8:05:31:5e:
2a:ba:3c:49:c1:ba:2c:e2:3e:41:8b:8d:80:3d:8b:
ce:d7:11:0f:11:12:4e:83:ec:a4:96:42:78:30:aa:
c5:d9:d0:3d:17:47:8e:d2:43:27:3c:7a:95:53:a6:
99:48:2c:02:53:34:52:11:e2:49:9b:98:82:58:12:
41:56:d2:5f:5a:a3:0d:87:fc:e4:2c:f4:83:5b:86:
b3:85:08:05:50:1a:40:b2:b7:16:65:ce:70:fa:f4:
43:97:d4:18:ca:d7:97:8a:f7:44:51:c6:ec:0d:18:
b1:29:d6:83:df:9a:bd:62:a8:2d:bf:12:bd:0b:d7:
8c:f3:75:88:86:0e:7a:2b:12:e2:05:98:d7:bd:df:
68:2b:e5:d4:69:d1:3d:53:a3:26:92:cd:33:da:57:
73:60:0e:b7:ec:9d:10:b2:5c:c5:7b:33:6f:f2:23:
95:51:09:1b:4e:6e:64:48:58:9b:e6:86:1c:f8:3b:
c0:43
Exponent: 65537 (0x10001)
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qfAky5kW5QA68VQ8FDs
lm0TFEUXS+vsLc+7H88YhDqM3P03Kqa/yPffxx+JXx6tzkWMKBn1lqsT79vDz2P1
q79ND4YbA/gFMV4qujxJwbos4j5Bi42APYvO1xEPERJOg+yklkJ4MKrF2dA9F0eO
0kMnPHqVU6aZSCwCUzRSEeJJm5iCWBJBVtJfWqMNh/zkLPSDW4azhQgFUBpAsrcW
Zc5w+vRDl9QYyteXivdEUcbsDRixKdaD35q9YqgtvxK9C9eM83WIhg56KxLiBZjX
vd9oK+XUadE9U6Mmks0z2ldzYA637J0QslzFezNv8iOVUQkbTm5kSFib5oYc+DvA
QwIDAQAB
-----END PUBLIC KEY-----
「test_message」を暗号化。
署名生成
shota@ 署名検証 % echo "test_message" | openssl rsautl -encrypt -pubin -inkey pubtest.key > messagetest.dat
shota@ 署名検証 % cat messagetest.dat
??h_?dўEF?2???+?#????0???x?O??f??~dt?iq@?0H
NF?ۜ?*~???:?????Kv?????y?ug?A?WR7~O???C?a???7(?????1?1ͳ#?????٥6?ߏ]6%ݯ??????X
ҧ??n???M??Q
yOq ?1*??gҟ?F??:?!B???ǪO???;oI??V??~?0 ???-?4h?R???1??????aR?=͒??0???(?%
復号
shota@ 署名検証 % cat messagetest.dat | openssl rsautl -decrypt -inkey test.key
test_message
実行結果例(プライベート鍵による暗号化(デジタル署名))
上記の暗号化で生成した鍵ペアを使って署名を生成、検証する。
署名を生成するときに秘密鍵を使っている。
署名生成
shota@ 署名検証 % openssl dgst -sha1 -sign test.key test.txt > sign.sig
shota@ 署名検証 % cat sign.sig
Q??e|Έ???C4?9hē$??????
U~a_??/?Y?ͫ??<&?;4?j:dtЅ)?-??_ܱt??
?????$?{??Q??9f?y??%f??<q?u??)瞌?%(??|?4VY?kVtq?`??l?(?ꨖ\??ژ??ӻ\;%?d??:&?ji?Sc=?
]??w???2?E??<=4?r? ?@y??4????
???(??D*?}:?i?f-??&?W?H|?KF?o?p?C?]^??1??dݜ?N!%
shota@ 署名検証 % hexdump sign.sig
0000000 df51 65cb ce7c 0088 d9d6 43de eb34 399a
0000010 6817 93c4 8124 0fbd b214 1d8c d3d5 140d
0000020 1709 550c 617e 915f 2fd4 59e7 cd94 b4ab
0000030 3c93 f526 153b 3407 6ae2 643a d074 1885
0000040 9729 9a2d 5fb5 b1dc d674 0ce9 8387 1ce3
0000050 db8b b524 e67b ee03 8c51 b81a 391d e166
0000060 b179 b405 6625 e294 713c 7592 9f92 e729
0000070 8c9e 2596 9a28 7cbf 1082 5634 1259 6bff
0000080 7456 b871 6007 edd0 946c 2814 ea83 96a8
0000090 995c dabb 9b98 d39d 5cbb 253b 6496 94e2
00000a0 c01e 263a 6a85 bc69 6353 e23d c80c 7940
00000b0 1ada 1ac3 ff34 0492 1cbf 0daf b35d 77da
00000c0 94f5 32a2 45b4 e3f2 3d3c f334 a172 a60b
00000d0 dab5 a228 44ba d72a 3a7d 69f4 66aa b12d
00000e0 26b4 57fa a916 7c48 4bd9 d946 3f6f ab70
00000f0 be43 5e5d f297 3f31 64c3 9cdd 1af8 214e
0000100
署名検証
shota@ 署名検証 % openssl dgst -sha1 -verify pubtest.key -signature sign.sig test.txt
Verified OK
署名が改ざんされたときにほんとにNGと判断してくれるか確認する。
署名の改ざん
shota@ 署名検証 % hexdump -Cv sign.sig
00000000 51 df cb 65 7c ce 88 00 d6 d9 de 43 34 eb 9a 39 |Q..e|......C4..9|
00000010 17 68 c4 93 24 81 bd 0f 14 b2 8c 1d d5 d3 0d 14 |.h..$...........|
00000020 09 17 0c 55 7e 61 5f 91 d4 2f e7 59 94 cd ab b4 |...U~a_../.Y....|
00000030 93 3c 26 f5 3b 15 07 34 e2 6a 3a 64 74 d0 85 18 |.<&.;..4.j:dt...|
00000040 29 97 2d 9a b5 5f dc b1 74 d6 e9 0c 87 83 e3 1c |).-.._..t.......|
00000050 8b db 24 b5 7b e6 03 ee 51 8c 1a b8 1d 39 66 e1 |..$.{...Q....9f.|
00000060 79 b1 05 b4 25 66 94 e2 3c 71 92 75 92 9f 29 e7 |y...%f..<q.u..).|
00000070 9e 8c 96 25 28 9a bf 7c 82 10 34 56 59 12 ff 6b |...%(..|..4VY..k|
00000080 56 74 71 b8 07 60 d0 ed 6c 94 14 28 83 ea a8 96 |Vtq..`..l..(....|
00000090 5c 99 bb da 98 9b 9d d3 bb 5c 3b 25 96 64 e2 94 |\........\;%.d..|
000000a0 1e c0 3a 26 85 6a 69 bc 53 63 3d e2 0c c8 40 79 |..:&.ji.Sc=...@y|
000000b0 da 1a c3 1a 34 ff 92 04 bf 1c af 0d 5d b3 da 77 |....4.......]..w|
000000c0 f5 94 a2 32 b4 45 f2 e3 3c 3d 34 f3 72 a1 0b a6 |...2.E..<=4.r...|
000000d0 b5 da 28 a2 ba 44 2a d7 7d 3a f4 69 aa 66 2d b1 |..(..D*.}:.i.f-.|
000000e0 b4 26 fa 57 16 a9 48 7c d9 4b 46 d9 6f 3f 70 ab |.&.W..H|.KF.o?p.|
000000f0 43 be 5d 5e 97 f2 31 3f c3 64 dd 9c f8 1a 4e 21 |C.]^..1?.d....N!|
00000100
shota@ 署名検証 % echo -en '\x5A\x5A' | dd of=./sign.sig bs=1 seek=16 conv=notrunc
2+0 records in
2+0 records out
2 bytes transferred in 0.000241 secs (8299 bytes/sec)
shota@ 署名検証 % hexdump -Cv sign.sig
00000000 51 df cb 65 7c ce 88 00 d6 d9 de 43 34 eb 9a 39 |Q..e|......C4..9|
00000010 5a 5a c4 93 24 81 bd 0f 14 b2 8c 1d d5 d3 0d 14 |ZZ..$...........|
00000020 09 17 0c 55 7e 61 5f 91 d4 2f e7 59 94 cd ab b4 |...U~a_../.Y....|
00000030 93 3c 26 f5 3b 15 07 34 e2 6a 3a 64 74 d0 85 18 |.<&.;..4.j:dt...|
00000040 29 97 2d 9a b5 5f dc b1 74 d6 e9 0c 87 83 e3 1c |).-.._..t.......|
00000050 8b db 24 b5 7b e6 03 ee 51 8c 1a b8 1d 39 66 e1 |..$.{...Q....9f.|
00000060 79 b1 05 b4 25 66 94 e2 3c 71 92 75 92 9f 29 e7 |y...%f..<q.u..).|
00000070 9e 8c 96 25 28 9a bf 7c 82 10 34 56 59 12 ff 6b |...%(..|..4VY..k|
00000080 56 74 71 b8 07 60 d0 ed 6c 94 14 28 83 ea a8 96 |Vtq..`..l..(....|
00000090 5c 99 bb da 98 9b 9d d3 bb 5c 3b 25 96 64 e2 94 |\........\;%.d..|
000000a0 1e c0 3a 26 85 6a 69 bc 53 63 3d e2 0c c8 40 79 |..:&.ji.Sc=...@y|
000000b0 da 1a c3 1a 34 ff 92 04 bf 1c af 0d 5d b3 da 77 |....4.......]..w|
000000c0 f5 94 a2 32 b4 45 f2 e3 3c 3d 34 f3 72 a1 0b a6 |...2.E..<=4.r...|
000000d0 b5 da 28 a2 ba 44 2a d7 7d 3a f4 69 aa 66 2d b1 |..(..D*.}:.i.f-.|
000000e0 b4 26 fa 57 16 a9 48 7c d9 4b 46 d9 6f 3f 70 ab |.&.W..H|.KF.o?p.|
000000f0 43 be 5d 5e 97 f2 31 3f c3 64 dd 9c f8 1a 4e 21 |C.]^..1?.d....N!|
00000100
shota@ 署名検証 % openssl dgst -sha1 -verify pubtest.key -signature sign.sig test.txt
Verification Failure