Data integrity using OPENSSL

Verify Digital Certificates

Overview

This demonstration will show a transaction between A and B from creation of digital signature to verification of digital signature. In addition, we will validate the authenticity and integrity of the document sent to the receiver.

Digital Certificate

Digital certificate enables security in exchange of information in the internet. It verifies whether the message sent by a user has been tampered.

Nonrepudiation is a security concept that ensures that the sender of a message cannot deny having sent the message, and that the recipient of the message cannot deny having received the message. Digital signatures are a commonly used method to achieve nonrepudiation in electronic communication.

Secure Socket Layer

To secure the internet connection it uses SSL. An SSL certificate prevent man-in-the-middle attacks or online criminals in modifying data being transferred between the client and the web server.

OPENSSL

An open-source tool used to produce private key, digital certificate, install TLS certificate and view certificate information (DigiCert, 2023).

OPENSSL commands are available here. 🔗

In this case there is a public and private key. Private key is used to produce digital signature that can be verified by the receiver (Wilson, 2021).

Digital signature only verifies the document whether it is altered or not. It keeps the original data and does not encrypt document. 💡

First open your Kali Linux terminal or if you are using your MAC or Linux OS, it’s fine.

In the cyber world, people’s information is kept confidential through the use of encryption (Wilson, 2021)

What we will do?

1. Create a private key
2. Create a public key
3. Create a document and encrypt it using your private key
4. Use the private key to digitally sign the new document
5. Read the message using the public key

openssl genpkey -algorithm RSA -out private_key.pem

If you want to view the generated private key use cat <document name>

cat private_key.pem

Use this command to check generated files on the upcoming steps.

2. Generate a public key — Public key is use to read the encrypted data.

openssl pkey -in private_key.pem -pubout -out public_key.pem

3. Create a document.

echo Please transer 2,000,000 AUD to Mr. Anton by 8am today > confidential_contract.txt

4. Sign the document. We will use SHA-256 and private_key.pem which we generated in the previous steps to sign the document.

Document name: confidential_contract.txt

Signature: signature

Private key: private_key.pem

Public key: public_key.pem

openssl dgst -sha256 -sign private_key.pem -out signature confidential_contract.txt

check the signature file

5. Verify the authenticity and integrity of the document using the openssl dgst

openssl dgst -sha256 -verify public_key.pem -signature signature contract.txt

6. Let us try to alter the confidential document.

In this example I edited the document using Vim you can try on your Kali Linux system “gedit <filename>” to edit

Reuse the openssl dgst command it will now fail because we’ve edited the document.

Anton Caballes is a student, software developer, and cybersecurity enthusiast. He has a Bachelor’s degree in Information and Communications Technology from San Beda University and is currently pursuing a Master’s in Information Technology at King’s Own Institute Sydney. Check out his work and learning on his personal website and Medium page at https://medium.com/@antonraphaelcaballes. Connect with Anton on LinkedIn to learn more about his achievements and future endeavors.