Coding Spirit

一位程序员,比较帅的那种

0%

ECDSA: Generate ECDSA Key/Certificate/Signature By openssl

Create ECDSA private key

Create file cert_config.txt:

1
2
3
4
5
6
7
8
9
10
[ req ]
prompt = no
distinguished_name = my_dn

[ my_dn ]
commonName = xxxxxxxxx@xxxxxx.com

[ my_exts ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning

Then create ECDSA private key base on it:

1
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -outform PEM -out ecdsasigner.key

Create ECDSA certificate/public key

If you need certificate:

1
openssl req -new -x509 -config cert_config.txt -extensions my_exts -nodes -days 365 -key ecdsasigner.key -out ecdsasigner.crt

If you need public key:

1
openssl x509 -pubkey -noout -in ecdsasigner.crt > ecdsasigner-pub.key

Create SHA256 Digital Signature

1
2
openssl dgst -sha256 -sign ecdsasigner.key <file_need_to_sign> > signature
base64 signature

Verify

ECDSA: Verify Signature