如何用私钥签名一个文件

首先需要一台Linux服务器，例如Fedora 30，在上面安装openssl的命令，例如

$ sudo dnf install *openssl*
$ which openssl
/usr/bin/openssl

生成key pair，public key被包含在crt文件中：

$ openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "RCP_SOL004.key" -out "RCP_SOL004.crt" -days 36500 -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=Nnn/OU=RCP"
Generating a RSA private key
..................++++
...................................................++++
writing new private key to 'RCP_SOL004.key'
-----
$ ls
RCP_SOL004.crt  RCP_SOL004.key

生成一个将被保护的文件：

echo "Hello, World!" > sign.txt

对被保护的文件签名：

$ openssl dgst -sha256 -sign "RCP_SOL004.key" -out sign.txt.sha256 sign.txt

验证文件是否被修改：

$ openssl dgst -sha256 -verify <(openssl x509 -in RCP_SOL004.crt -pubkey -noout) -signature sign.txt.sha256 sign.txt
Verified OK

参考

https://raymii.org/s/tutorials/Sign_and_verify_text_files_to_public_keys_via_the_OpenSSL_Command_Line.html