Created
December 13, 2023 15:48
-
-
Save alexalouit/5ce1d2d477c61097aec0de6589f3f772 to your computer and use it in GitHub Desktop.
yubikey digital signature
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ brew install yubico-piv-tool | |
| Go to yubico manager, generate a PIV Digital Signature certificates | |
| - RSA2048 | |
| - Self-signed certificate | |
| - Expiration to 2029-12-31 | |
| - Management key (default) | |
| - PIN (default 123456) | |
| Generate a certificate | |
| $ yubico-piv-tool -a read-cert -s 9c -K PEM > yk.crt | |
| Export public key | |
| $ openssl x509 -pubkey -in yk.crt --nocert > yk.pub |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sign the file | |
| $ yubico-piv-tool -a verify-pin --sign -s 9c -H SHA512 -A RSA2048 -i file.txt -o file.sig |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verify the signature according to pubkey <> file | |
| $ openssl dgst -sha512 -verify yk.pub -signature file.sig file.txt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment