Thursday, November 13, 2014

How to digitally sign and verify with ECDSA key pairs

In this post we will take an ECDSA key pair, create an ECDSA signature, and verify our data. I will also demonstrate what happens if the data is compromised.

First, here's the ECDSA key pair that I created earlier.


NOTE: The file named myfileforblog.txt is the file we will sign and validate.

Here are the file types in my directory.


Next, we will do a signature creation and then verification.



And finally, let's make a modification to the data file named "myfileforblog.txt" and re-verify.

NOTE: It will now fail due to the whitespace added to the bottom of the file



So basically we can easily craft ECDSA signatures, and given the public key and the data.signature, any person can validate the signature of the data file for integrity or corruption.

Here's a sample where we redirect the output of the Unix ls command into openssl from the /usr/bin directory.


If the validation fails, we can assume one of the following:

   1: the wrong signature was provided
   2: the data was corrupt
   3: the signature was tampered with
   4: the hash did not match or was not correct

NOTE: If the verification passes, then we know the file and signature are correct and match the owner's public key.
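
The whole sequence described in this post (key pair, sign, verify, tamper, re-verify, and signing piped command output) as one script. This is an added example, not the commands from the original post. It assumes the prime256v1 curve, a SHA-256 digest, and its own key and signature file names inside a temporary directory; only myfileforblog.txt is a name taken from the post.

```shell
#!/usr/bin/env bash
# Added example. Assumptions: prime256v1 curve, SHA-256 digest, and the key and
# signature file names; only myfileforblog.txt is a name taken from the post.
set -u
WORK=$(mktemp -d)                       # scratch directory for the demo
trap 'rm -rf "$WORK"' EXIT
PRIV="$WORK/ec-priv.pem"; PUB="$WORK/ec-pub.pem"
DATA="$WORK/myfileforblog.txt"; SIG="$WORK/data.signature"

make_keys() {       # EC private key, then the public key derived from it
    openssl ecparam -name prime256v1 -genkey -noout -out "$PRIV" &&
    openssl pkey -in "$PRIV" -pubout -out "$PUB"
}

sign_file() {       # sign_file <data-file> <signature-out>
    openssl dgst -sha256 -sign "$PRIV" -out "$2" "$1"
}

verify_file() {     # verify_file <data-file> <signature>; true only if valid
    [ "$(openssl dgst -sha256 -verify "$PUB" -signature "$2" "$1" 2>/dev/null)" = "Verified OK" ]
}

sign_stdin() {      # sign piped data: ls | sign_stdin <signature-out>
    openssl dgst -sha256 -sign "$PRIV" -out "$1"
}

verify_stdin() {    # verify piped data against <signature>
    [ "$(openssl dgst -sha256 -verify "$PUB" -signature "$1" 2>/dev/null)" = "Verified OK" ]
}

make_keys
printf 'constructed sample data for the signing demo\n' > "$DATA"
sign_file "$DATA" "$SIG"
verify_file "$DATA" "$SIG" && echo "original file: signature valid"

# Tamper as in the post: add whitespace to the bottom of the file.
printf ' \n' >> "$DATA"
verify_file "$DATA" "$SIG" || echo "modified file: signature rejected"

# Piped input works the same way; the verifier must feed identical bytes.
printf 'constructed\nlisting\n' | sign_stdin "$WORK/ls.signature"
printf 'constructed\nlisting\n' | verify_stdin "$WORK/ls.signature" &&
    echo "piped data: signature valid"
```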

 
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
   ^      ^
=(  +  - )=
       o 
      /  \
