Setup / Crypto / Tutorial

Code signing with a smart card

February 28, 20181 min read
code signing

Install the needed software

YubiKey-PIV-Tool
YubiKey-PIV-Manager
OpenSC

Import the cert on the Card

Read the public key from the slot 9c :

pkcs15-tool --read-public-key 02

Signing with the YubiKey

Gen a sha256 hash of the document to sign :

openssl dgst -sha256 -binary plaintext.txt > plaintext.txt.sha256

Sign the sha256 hash of the document using the slot 9c :

pkcs15-crypt -s -i plaintext.txt.sha256 -o signed.output -f openssl --sha-256 --pkcs1 -k 02

Verifying the Signature

Use the public key to verify the signature :

openssl dgst -sha256 -verify mykey.pub -signature signed.output plaintext.txt
code signingsmartcard