Code signing with a smart card
February 28, 20181 min read
Install the needed software
YubiKey-PIV-Tool
YubiKey-PIV-Manager
OpenSCImport the cert on the Card
Read the public key from the slot 9c :
pkcs15-tool --read-public-key 02Signing with the YubiKey
Gen a sha256 hash of the document to sign :
openssl dgst -sha256 -binary plaintext.txt > plaintext.txt.sha256Sign the sha256 hash of the document using the slot 9c :
pkcs15-crypt -s -i plaintext.txt.sha256 -o signed.output -f openssl --sha-256 --pkcs1 -k 02Verifying the Signature
Use the public key to verify the signature :
openssl dgst -sha256 -verify mykey.pub -signature signed.output plaintext.txt
Written By Papa Sall
Papa Sall is a Security Analyst and a Audit team leader @ Societe Generale. As part of his mission within SG, Papa is in charge of helping businesses by protecting their applications from potential hackers and cyber-attacks... Papa prevent attacks and threats to resources owned by the Financial Group. Do you want to know more? Visit my website!