
Creating digital signatures with OCI Vault

Posted 2021-02-19

OCI Vault supports RSA keys, so it can be used to produce digital signatures. This article walks through the procedure with the OCI CLI. The same operations are available through the REST API and the OCI SDKs (Java, Python, .NET and so on).

  • Create an RSA key in Vault (screenshot omitted)

```
# Get the message digest of the file to sign. Here .bash_profile is used as the example
$ openssl sha256 .bash_profile
SHA256(.bash_profile)= b409c002d01b605d1587ff85af898e26550da8682bb0321af74e1009368df408
```

```
# Run the signing operation
oci kms crypto signed-data sign --key-id <RSA key OCID> --message "<message digest>" --signing-algorithm <signing algorithm> --endpoint <crypto endpoint URL>

$ oci kms crypto signed-data sign \
 --key-id ocid1.key.oc1.iad.bfqcupa5aaeuk.abuwcljrgnub2puol6vsmfbqzfrficwiv7uityihguw25wwdzbf455qcc7nq \
 --message "b409c002d01b605d1587ff85af898e26550da8682bb0321af74e1009368df408" \
 --signing-algorithm SHA_224_RSA_PKCS_PSS \
 --endpoint https://xxxxxxxx-crypto.kms.us-ashburn-1.oraclecloud.com
```

```
# Result: the "signature" field is the digital signature
{
  "data": {
    "key-id": "ocid1.key.oc1.iad.bfqcupa5aaeuk.abuwcljrgnub2puol6vsmfbqzfrficwiv7uityihguw25wwdzbf455qcc7nq",
    "key-version-id": "ocid1.keyversion.oc1.iad.bfqcupa5aaeuk.aumnmavw3rqaa.abuwcljrhvhnzcfgh7k5uqetk74mlrku34igesose2wyl47cb7kqop2nue3a",
    "signature": "VOuHEvUA+YORNVtxm6GE18VsEEAW7/z6QbcZNqUFfHQ8HJPHloNym7Am/iaYC0uWyoAtNfiV2or1f884XAw7hhMYZ7LUylDwuI3wmCpuBAx6vLVUnIYKiJtSiu6DK9O+NlR92yuB3H695GxXTwl5MQnM8USwU1Hfju0fcRCnVvHTIRbV/xFkz6kdgmzJGgVwvS6ac/+hG1ELbBKdU/WhyzSDa+ZkfTnuJqzD+kBUpfkyPjqKdPUBqCYMYHJwQzy6bj05igrZbBnhzmoOHiUQ28TWb2/y1OFN8rNnZkHbX6W+NLBV22EOUYVe5OAZoKrMIRTZfRjX2ltfbXtDkM3EBw==",
    "signing-algorithm": "SHA_224_RSA_PKCS_PSS"
  }
}
```


```
# Verify the digital signature
oci kms crypto verified-data verify --key-id <RSA key OCID> --message "<message digest>" --signature <digital signature> --signing-algorithm <signing algorithm> --key-version-id <key-version-id returned by the signing step> --endpoint <crypto endpoint URL>

$ oci kms crypto verified-data verify \
 --key-id ocid1.key.oc1.iad.bfqcupa5aaeuk.abuwcljrgnub2puol6vsmfbqzfrficwiv7uityihguw25wwdzbf455qcc7nq \
 --message "b409c002d01b605d1587ff85af898e26550da8682bb0321af74e1009368df408" \
 --signature "VOuHEvUA+YORNVtxm6GE18VsEEAW7/z6QbcZNqUFfHQ8HJPHloNym7Am/iaYC0uWyoAtNfiV2or1f884XAw7hhMYZ7LUylDwuI3wmCpuBAx6vLVUnIYKiJtSiu6DK9O+NlR92yuB3H695GxXTwl5MQnM8USwU1Hfju0fcRCnVvHTIRbV/xFkz6kdgmzJGgVwvS6ac/+hG1ELbBKdU/WhyzSDa+ZkfTnuJqzD+kBUpfkyPjqKdPUBqCYMYHJwQzy6bj05igrZbBnhzmoOHiUQ28TWb2/y1OFN8rNnZkHbX6W+NLBV22EOUYVe5OAZoKrMIRTZfRjX2ltfbXtDkM3EBw==" \
 --signing-algorithm SHA_224_RSA_PKCS_PSS \
 --key-version-id ocid1.keyversion.oc1.iad.bfqcupa5aaeuk.aumnmavw3rqaa.abuwcljrhvhnzcfgh7k5uqetk74mlrku34igesose2wyl47cb7kqop2nue3a \
 --endpoint https://xxxxxxxx-crypto.kms.us-ashburn-1.oraclecloud.com
```

```
# Result
{
  "data": {
    "is-signature-valid": true
  }
}
```
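The following is an added example, not part of the original article, that reproduces the same sign-and-verify flow offline with openssl so the mechanics of the CLI calls above are visible. Two details of the CLI procedure matter here: with the CLI's default message type (RAW), the string passed to --message, in the article the hex SHA-256 digest, is itself the message, so for SHA_224_RSA_PKCS_PSS the service hashes that string with SHA-224 and applies RSA-PSS; and the "signature" field is base64. The locally generated key pair stands in for the Vault key (in the real workflow the private key never leaves Vault and a relying party would hold only the public key of the key version, which is assumed here to have been obtained from Vault); file names and the sample file content are assumptions.

```shell
#!/bin/sh
# Offline analogue of the OCI Vault sign/verify procedure using only openssl.
# Added example; assumptions: file names, the sample file, and that the
# verifier has the key version's public key in PEM form.
set -eu

# Message digest of the file to sign, as the article computes it (hex string).
file_digest() {                      # file_digest <file>
  openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# Local stand-in for the Vault key: an RSA private key and its public key.
make_test_key() {                    # make_test_key <privkey.pem> <pubkey.pem>
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
  openssl pkey -in "$1" -pubout -out "$2"
}

# Sign a message file the way SHA_224_RSA_PKCS_PSS on a RAW message does:
# SHA-224 over the message bytes, then RSA-PSS. Prints the signature
# base64-encoded on one line, like the CLI's "signature" field.
sign_message() {                     # sign_message <privkey.pem> <message-file>
  openssl dgst -sha224 -sigopt rsa_padding_mode:pss -sign "$1" "$2" | openssl base64 -A
}

# Verify a base64 signature against a message file using only the public key.
# Exit status 0 means valid, 1 means invalid: the offline "is-signature-valid".
verify_message() {                   # verify_message <pubkey.pem> <base64-sig> <message-file>
  sigfile=$(mktemp)
  printf '%s' "$2" | openssl base64 -d -A > "$sigfile"
  if openssl dgst -sha224 -sigopt rsa_padding_mode:pss -verify "$1" \
       -signature "$sigfile" "$3" >/dev/null 2>&1; then
    rm -f "$sigfile"; return 0
  fi
  rm -f "$sigfile"; return 1
}

# Demonstration: sign the digest string of a constructed file, verify it,
# then show that any change to the message is rejected.
demo() {
  work=$(mktemp -d)
  printf 'export PATH=$HOME/bin:$PATH\n' > "$work/profile"   # constructed sample file
  make_test_key "$work/key.pem" "$work/pub.pem"
  digest=$(file_digest "$work/profile")
  printf '%s' "$digest" > "$work/msg"                        # the message Vault would see
  sig=$(sign_message "$work/key.pem" "$work/msg")
  verify_message "$work/pub.pem" "$sig" "$work/msg" && echo "is-signature-valid: true"
  printf '%sX' "$digest" > "$work/msg2"                      # tampered message
  verify_message "$work/pub.pem" "$sig" "$work/msg2" || echo "tampered message: invalid"
  rm -rf "$work"
}

demo
```

verify_message needs only the public key, so a relying party can check a Vault signature without access to the crypto endpoint or the key OCID, while the Vault-side verify command above is what you use when the public key has not been distributed. Whichever path is used, the verifier must supply exactly the bytes that were signed; because the article signs the hex digest string rather than the file, a verifier that hashes the file and passes the raw digest would be checking a different message.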

  • Importing an encryption key into OCI Vault
  • OCI CLI Command Reference
