What is the role of the SHA hash in signing a document in the OpenSSL library?

I follow OpenSSL to generate signatures. I use Ruby 2.1.0 and create these signatures:

document = "This is a simple string document to be signed"
key = OpenSSL::PKey::RSA.new([private_key])
digest = OpenSSL::Digest::SHA256.new
signature = key.sign digest, document

The signature is transmitted and gets to the destination, where it should be checked. To check it, I do the following:

key = OpenSSL::PKey::RSA.new([pubkey])
digest = OpenSSL::Digest::SHA256.new
key.verify digest, signature, document # => valid

This works because if we change only one letter of the document or signature, it returns an invalid result:

key.verify digest, signature, changed_document # => Invalid

But with a different SHA, the verify command still produces a valid result:

digest = OpenSSL::Digest::SHA256.new('this will generate different SHA')
key.verify digest, signature, document # => valid

It confused me. Should another SHA hash produce an invalid result? What is the role of the digest here?

+4

OpenSSL::Digest::SHA256.new .

, openssl reset .

+2
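The behaviour asked about above, reproduced as an added example (not code from the original question or answer). It assumes a throwaway RSA key generated in the script; the names `verify_with`, `results` and `signed_hash_matches?` are hypothetical helpers. It shows that `sign`/`verify` take only the algorithm from the digest object, so data passed to `SHA256.new(...)` has no effect, while a different algorithm or a changed document fails.

```ruby
require "openssl"

# Constructed sample input: a throwaway key pair and the document from the question.
KEY       = OpenSSL::PKey::RSA.new(2048)
DOCUMENT  = "This is a simple string document to be signed"
SIGNATURE = KEY.sign(OpenSSL::Digest::SHA256.new, DOCUMENT)

# Verify SIGNATURE with the public half only, using the given digest argument.
def verify_with(digest, document = DOCUMENT)
  KEY.public_key.verify(digest, SIGNATURE, document)
end

def results
  # A digest object that has already been fed unrelated data.
  seeded = OpenSSL::Digest::SHA256.new("this will generate different SHA")
  {
    fresh_sha256:  verify_with(OpenSSL::Digest::SHA256.new),
    seeded_sha256: verify_with(seeded),       # prior state is ignored
    name_only:     verify_with("SHA256"),     # the algorithm name is all that is needed
    other_algo:    verify_with(OpenSSL::Digest::SHA512.new),
    changed_doc:   verify_with(OpenSSL::Digest::SHA256.new, DOCUMENT + "!")
  }
end

# What the signature actually covers: recovering it with the public key yields
# a DER DigestInfo structure whose trailing bytes are SHA-256(document).
def signed_hash_matches?
  recovered = KEY.public_decrypt(SIGNATURE)
  recovered.end_with?(OpenSSL::Digest::SHA256.digest(DOCUMENT))
end

if __FILE__ == $PROGRAM_NAME
  results.each { |name, ok| puts format("%-14s %s", name, ok) }
  puts format("%-14s %s", "hash_in_sig", signed_hash_matches?)
end
```

The verifier has to agree with the signer on the hash algorithm, and the document is always hashed from scratch inside `verify`.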

Source: https://habr.com/ru/post/1547711/

