Created
July 9, 2019 21:02
vault transit verify signature offline
# Console transcript: sign a file with a Vault transit RSA key, then verify the
# signature with OpenSSL alone, using only the exported public key.
# Lines starting with "$ " are commands; the other lines are their output.
#
# Create a transit key named "akey" of type rsa-4096.
$ vault write -f transit/keys/akey type=rsa-4096 | |
Success! Data written to: transit/keys/akey | |
# Export the public key. The "keys" field is a map of key version -> key data,
# and '.[]|.public_key' prints the public key of every version. Only one version
# exists here, so pub.pem holds a single PEM block; after a key rotation, select
# the version named in the signature prefix instead (e.g. '.["1"].public_key').
# The offline check is only as trustworthy as this file: fetch it over an
# authenticated connection to Vault and keep the copy that verifiers use under
# integrity control.
$ vault read -field=keys -format=json transit/keys/akey | jq -r '.[]|.public_key' > pub.pem | |
$ cat pub.pem | |
-----BEGIN PUBLIC KEY----- | |
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyKC+YwNfucFi0qadwnjw | |
s3yPvGNbYN/RvTMokeFBSP+k1H5wdrC27SNYpiqhCfXqR5D0jvUUG/KUqLYQ8oLu | |
anQSH9RgUUKQn6YUuJfAYXTuNtoVaez+ONIqXJkyCuwa5s+z0PvGxKMOwl+mr+hw | |
1f1nP53kM0momAqMSlMiJCMpcPWu1RJEbhlTc/EE/rlghzU2dTKFwd3gMUFlEbzL | |
XO/RL0xRKX7S7zHiOwiH3aLoKiOK1X9J5ooAezWWlmBiyE8pKhy0VmK0Jsh/Q+AB | |
YLDygHO6DBV86c1TDrDGq5Iu8u8mokbJn3//42nUzTjA6f0XOsvQyVwlJ2DVgsas | |
4kLFrkmdVleMxPCThSaoQN/Lbm6p71ucTx/awTq6u1T2ov0Jh+K1hwyeTUPB3F0O | |
0L5y6jVXtn9ZKAmchGYZ5t37xHlYE8NiLahyzIgMVR5WqOndznmFRReiwLcqOhZp | |
2v9n9TyNdkLr+M3d2wfx4hCRnrbXAMG5TE+SIAg4EissC7n7m0J2dZ6TFCOEAwt6 | |
IRHpGTjBChn23Msf/IHqnQiwjTfM8zwVCDzVYegjOIEIY5UsAQ/lqx2L05cfkPmH | |
J62NzTd66zr4omIJ763oLT6XQGsriwPntSy1I2Gv5dio+Dm0MknuE+tlmgCyh+21 | |
TuPWkcnkRbTZ/TvFXs5VrGsCAwEAAQ== | |
-----END PUBLIC KEY----- | |
# Test message. echo appends a newline, and the signature covers the file's
# exact bytes, newline included, so the verifier needs the identical file.
$ echo "mysecret" > plaintext.txt | |
# The input is sent base64-encoded. This first call only displays Vault's
# response; its output is not shown in the transcript and nothing is saved.
$ cat plaintext.txt | base64 | vault write transit/sign/akey input=- | |
# Sign again and keep the result: take .data.signature, strip the "vault:v1:"
# prefix (v1 is the key version that signed) and base64-decode to raw signature
# bytes. The prefix is hard-coded, so a signature made by a later key version
# (vault:v2:...) would pass through unstripped and not decode cleanly.
# No signature or hash algorithm is passed, so the server's defaults apply; the
# successful PSS / SHA-256 verification below shows what they were here.
$ cat plaintext.txt | base64 | vault write -format=json transit/sign/akey input=- | jq -r '.data.signature'|sed s#vault:v1:##g| base64 -d > plaintext.sign | |
# Verify offline. -sha256 and rsa_padding_mode:pss have to match what Vault used
# when signing; rsa_pss_saltlen:-2 tells OpenSSL to take the salt length from
# the signature instead of assuming one. Treat any result other than
# "Verified OK" as a failed verification.
$ openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-2 -signature plaintext.sign -verify pub.pem plaintext.txt | |
Verified OK |