In theory it should be possible to validate the signature of a piece of data if in possesion of the public key, signature and data that was signed and the hash algorithm is known.
I have all these components in binary format. Does anybody have an idea about the easiest way to validate this signature? OpenSSL? Python? An example would be great. Can it be done without writing code?
Here's how you can do it in Ruby.
require 'openssl'
signature = File.read('/path/to/sig.der')
data = File.read('/path/to/data')
pub_key = File.read('/path/to/ecdsa_pub_key')
key = OpenSSL::PKey::EC.new(pub_key)
if key.dsa_verify_asn1(data, signature) == true
puts 'verified'
end
This code requires that the OpenSSL linked against Ruby be compiled with elliptic curve support. (Red Hat flavored distributions of Linux do not satisfy this requirement)
If you're curious: dsa_verify_asn1 uses the ECSDA_verify function in the OpenSSL API.
You can use openssl to sign a message with a ECDSA signature, and then you can use openssl to verify the signature:
To sign a message (using SHA256 hashing, given the message and the signer's EC private key):
openssl dgst -sha256 -sign ec-privatekey.pem message.txt > signature.der
Then, to verify the signature (again using SHA256 hashing, given the message, the signer's EC public key, and the signature created above):
openssl dgst -sha256 -verify ec-publickey.pem -signature signature.der message.txt
