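Introduction
I tried creating the private and public keys used by the basic cryptography behind blockchains, so this is a memo of how I did it.
Creating the private and public keys
Creating the private key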
$ openssl ecparam -genkey -name secp256k1 -out private.pem
$ cat private.pem
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIAp9S1sZ+vZlujoXq09cHKxVoXgvEM9XebEXYSgbjKXdoAcGBSuBBAAK
oUQDQgAESSnAL8MsfVWbqPVvNgggO4cvi2XfG/uQ9Jwh57tDqTN3ssHR/ZOYHv2J
kLr2Z+mMpdok/Ir5dHsblowNLxdw7g==
-----END EC PRIVATE KEY-----
Creating the public key
$ openssl ec -in private.pem -pubout -out public.pem
read EC key
writing EC key
$ cat public.pem
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAESSnAL8MsfVWbqPVvNgggO4cvi2XfG/uQ
9Jwh57tDqTN3ssHR/ZOYHv2JkLr2Z+mMpdok/Ir5dHsblowNLxdw7g==
-----END PUBLIC KEY-----
Digital signature
Creating the message and hashing it
$ echo "secret" > message.txt
$ cat message.txt
secret
$ sha256sum message.txt | cut -c1-64 > hashed_message.txt
$ cat hashed_message.txt
b37e50cedcd3e3f1ff64f4afc0422084ae694253cf399326868e07a35f4a45fb
Creating the signature data
$ openssl dgst -SHA256 -sign private.pem hashed_message.txt > hashed_message.sig
Verifying the signature with the generated public key
$ openssl dgst -SHA256 -verify public.pem -signature hashed_message.sig hashed_message.txt
Verified OK
If Verified OK is displayed, the verification succeeded!
Reference
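An added example, not part of the original article: openssl dgst -sha256 -sign hashes its input file itself, so the signature made above covers the hex digest text in hashed_message.txt, not message.txt. The script below checks this on constructed files in a temporary directory and shows how to sign a precomputed digest with openssl pkeyutl; tampered.txt, sig.bin, digest.bin and sig_prehashed.bin are assumed names.

```shell
#!/bin/sh
# Added example, not from the original article. All file names are assumptions
# and live in a temporary directory.

demo_setup() {
    WORK=$(mktemp -d) || return 1
    trap 'rm -rf "$WORK"' EXIT
    # secp256k1 key pair, generated as in the article (-noout omits the parameters block).
    openssl ecparam -genkey -name secp256k1 -noout -out "$WORK/private.pem" || return 1
    openssl ec -in "$WORK/private.pem" -pubout -out "$WORK/public.pem" 2>/dev/null || return 1
    printf 'secret\n' > "$WORK/message.txt"    # constructed sample message
    printf 'Secret\n' > "$WORK/tampered.txt"   # constructed one-character change
    # The article's intermediate file: the hex digest of the message as text.
    openssl dgst -sha256 -r "$WORK/message.txt" | cut -c1-64 > "$WORK/hashed_message.txt"
}

# Sign file $1 with "dgst -sign" (which hashes $1 itself), then verify the
# signature against file $2. Returns 0 only if verification succeeds.
sign_and_verify() {
    openssl dgst -sha256 -sign "$WORK/private.pem" -out "$WORK/sig.bin" "$1" || return 1
    openssl dgst -sha256 -verify "$WORK/public.pem" \
        -signature "$WORK/sig.bin" "$2" >/dev/null 2>&1
}

# Sign a digest computed beforehand: pkeyutl applies ECDSA to its input as-is,
# so it must be given the raw 32-byte digest, not the hex text.
sign_prehashed_and_verify() {
    openssl dgst -sha256 -binary "$1" > "$WORK/digest.bin" || return 1
    openssl pkeyutl -sign -inkey "$WORK/private.pem" \
        -in "$WORK/digest.bin" -out "$WORK/sig_prehashed.bin" || return 1
    openssl dgst -sha256 -verify "$WORK/public.pem" \
        -signature "$WORK/sig_prehashed.bin" "$1" >/dev/null 2>&1
}

report() {  # print the label and whether the command that follows succeeded
    label=$1; shift
    if "$@"; then echo "$label: Verified OK"; else echo "$label: Verification Failure"; fi
}

demo_setup || exit 1
report "message signed, message verified" sign_and_verify "$WORK/message.txt" "$WORK/message.txt"
report "hash file signed, message verified" sign_and_verify "$WORK/hashed_message.txt" "$WORK/message.txt"
report "message signed, tampered copy verified" sign_and_verify "$WORK/message.txt" "$WORK/tampered.txt"
report "digest signed via pkeyutl, message verified" sign_prehashed_and_verify "$WORK/message.txt"
```

A verifier who holds only message.txt must be given the same input that was signed, so signing message.txt directly (or its raw digest through pkeyutl) is the form that binds the signature to the message.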
堅牢なスマートコントラクト開発のためのブロックチェーン[技術]入門
openssl options
$ openssl -help
openssl:Error: '-help' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md4 md5 rmd160 sha
sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb
rc2-ecb rc2-ofb rc4 rc4-40
seed seed-cbc seed-cfb seed-ecb
seed-ofb
dgst options
$ openssl dgst -h
unknown option '-h'
options are
-c to output the digest with separating colons
-r to output the digest in coreutils format
-d to output debug info
-hex output as hex dump
-binary output in binary form
-hmac arg set the HMAC key to arg
-non-fips-allow allow use of non FIPS digest
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-out filename output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v signature parameter
-hmac key create hashed MAC with key
-mac algorithm create MAC (not neccessarily HMAC)
-macopt nm:v MAC algorithm parameters or key
-engine e use engine e, possibly a hardware device.
-md4 to use the md4 message digest algorithm
-md5 to use the md5 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
-sha to use the sha message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-whirlpool to use the whirlpool message digest algorithm