英文:
How do openssl commands sign messages using ed25519
问题
我正在尝试在OpenSSL中使用Ed25519算法对数据进行签名。我已重新安装了OpenSSL并确认我的OpenSSL版本支持Ed25519。然而,当我尝试使用openssl dgst命令并加上-ed25519标志对数据进行签名时,我收到一个错误消息,其中说:“Unrecognized flag ed25519”。这是我使用的命令:
openssl dgst -sign <private_key_file> -ed25519 -out <signature_file> <data_file>
我还尝试使用openssl pkeyutl命令对数据进行签名,但我收到一个错误消息,其中说:“Error initializing context”。这是我使用的命令:
openssl pkeyutl -sign -inkey <private_key_file> -keyform PEM -in <data_file> -out <signature_file> -pkeyopt digest:ed25519
我已确认我的私钥采用PEM格式,并且我的OpenSSL版本支持Ed25519。是什么导致了这些错误,以及如何在OpenSSL中使用Ed25519算法对数据进行签名?
英文:
I am trying to sign data using Ed25519 algorithm in OpenSSL. I have reinstalled OpenSSL and confirmed that my OpenSSL version supports Ed25519. However, when I try to sign data using the openssl dgst command with the -ed25519 flag, I get an error message saying "Unrecognized flag ed25519". Here is the command I am using:
openssl dgst -sign <private_key_file> -ed25519 -out <signature_file> <data_file>
I have also tried using the openssl pkeyutl command to sign the data, but I get an error message saying "Error initializing context". Here is the command I am using:
openssl pkeyutl -sign -inkey <private_key_file> -keyform PEM -in <data_file> -out <signature_file> -pkeyopt digest:ed25519
I have confirmed that my private key is in PEM format and that my OpenSSL version supports Ed25519. What could be causing these errors, and how can I sign data using Ed25519 algorithm in OpenSSL?
答案1
得分: 1
自从v3.0.1版本的OpenSSL CLI开始支持Ed25519签名(参见此处)。
示例:
# 生成密钥
openssl genpkey -algorithm Ed25519 -out secret.pem
openssl pkey -in secret.pem -pubout -out public.pem
# 生成签名
openssl pkeyutl -sign -inkey secret.pem -out signature.bin -rawin -in message.bin
# 验证签名
openssl pkeyutl -verify -pubin -inkey public.pem -rawin -in message.bin -sigfile signature.bin
英文:
Since v3.0.1 OpenSSL CLI supports signing with Ed25519 (see here).
Example:
# generate keys
openssl genpkey -algorithm Ed25519 -out secret.pem
openssl pkey -in secret.pem -pubout -out public.pem
# generate signature
openssl pkeyutl -sign -inkey secret.pem -out signature.bin -rawin -in message.bin
# verify signature
openssl pkeyutl -verify -pubin -inkey public.pem -rawin -in message.bin -sigfile signature.bin
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论