|
@ -7,16 +7,14 @@ |
|
|
# Usage: source ./openssl_signing_console.sh |
|
|
# Usage: source ./openssl_signing_console.sh |
|
|
# |
|
|
# |
|
|
# For a more complete explanation, see ./openssl_signing_console.rst |
|
|
# For a more complete explanation, see ./openssl_signing_console.rst |
|
|
# |
|
|
|
|
|
# It's crazy that raw execution only works about 20% of the time! |
|
|
|
|
|
# See https://stackoverflow.com/questions/77505582/why-would-openssl-verify-succeed-every-time-with-source-but-fail-80-of-the |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Generate a key and extract the public part |
|
|
openssl ecparam -name secp256k1 -genkey -noout -out private.pem |
|
|
openssl ecparam -name secp256k1 -genkey -noout -out private.pem |
|
|
openssl ec -in private.pem -pubout -out public.pem |
|
|
openssl ec -in private.pem -pubout -out public.pem |
|
|
|
|
|
|
|
|
|
|
|
# Use test data |
|
|
header='{"alg":"ES256K", "issuer": "", "typ":"JWT"}' |
|
|
header='{"alg":"ES256K", "issuer": "", "typ":"JWT"}' |
|
|
|
|
|
|
|
|
payload='{"@context": "http://schema.org", "@type": "PlanAction", "identifier": "did:ethr:0xb86913f83A867b5Ef04902419614A6FF67466c12", "name": "Test", "description": "Me"}' |
|
|
payload='{"@context": "http://schema.org", "@type": "PlanAction", "identifier": "did:ethr:0xb86913f83A867b5Ef04902419614A6FF67466c12", "name": "Test", "description": "Me"}' |
|
|
|
|
|
|
|
|
header_b64=$(echo -n "$header" | jq -c -M . | tr -d '\n' | base64 | tr -d '=' | tr '+' '-' | tr '/' '_') |
|
|
header_b64=$(echo -n "$header" | jq -c -M . | tr -d '\n' | base64 | tr -d '=' | tr '+' '-' | tr '/' '_') |
|
@ -24,13 +22,11 @@ payload_b64=$(echo -n "$payload" | jq -c -M . | tr -d '\n' | base64 | tr -d '=' |
|
|
|
|
|
|
|
|
signing_input="$header_b64.$payload_b64" |
|
|
signing_input="$header_b64.$payload_b64" |
|
|
|
|
|
|
|
|
signature=$(echo -n "$signing_input" | openssl dgst -sha256 -sign private.pem) |
|
|
signature=$(echo -n "$signing_input" | openssl dgst -sha256 -sign private.pem | openssl base64 -e) |
|
|
|
|
|
|
|
|
|
|
|
echo -n "$signing_input" | openssl dgst -sha256 -verify public.pem -signature <(echo -n "$signature" | openssl base64 -d) |
|
|
|
|
|
|
|
|
echo -n "$signing_input" | openssl dgst -sha256 -verify public.pem -signature <(echo -n "$signature") |
|
|
|
|
|
|
|
|
|
|
|
# Also tested this, to no avail. |
|
|
|
|
|
#echo -n "$signature" > sig.out |
|
|
|
|
|
#echo -n "$signing_input" | openssl dgst -sha256 -verify public.pem -signature sig.out |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|