Sign and Verify file with SSH Keys

Signing files

ssh-keygen -Y sign -f ~/.ssh/id_rsa -n file ${file_to_sign}

~/.ssh/id_rsa is the path of private key
the default signature name is ${file_to_sign}.sig

Verifying signatures

prepare allowed_signers with email address, key type and public key.

[email protected] ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1IUBsl/582WYfgvER5iuG6lnWWLhRvHz5jjUxOWpTVMNiDvI1eUS5XIE8m1i2PLR1CD4+65yX48q+UT9TXqFVR8N33kuHUkbnNooqUCdYfjKcGD/HqhpjUcleYdzAn6HmVW8R3byEs51wcopQMV5r57F6+EJw7ssrcgc7wvHMjs4+4erW2Nfu9h5MGXww6v3W/ampcVyCMtY568FORNfNQ8Jhan911CQl6zgGiteqI03ccOWaELtn8+QieIMEPaoDMf9n0V9ULPsK6M9RYIXv2o38HiRA2tskdOZ+hWfdMG/zw/TyhITZr1wlsxzNQvQrrRgxkt/6DVdUqL960267QfgaUqe+eGB908mAYBDD14wMI9CZqz7i8oMEOBXG4SJYg9F+5e+va/SLTUo97MkGx3Ng0zoTWNtTQYw+JHWt76QnOBGc3xNsNipceKZo5zzHp7AYxhddOaIniYqLnH9Yb3A5B4Tv9a954fikHLiv97DkUEsk2niePdD8Pb1t5UU=

use the following command to verify.

ssh-keygen -Y verify -f allowed_signers -I [email protected] -n file -s ${file_to_verify.sig} < ${file_to_verify}

The output if the signature is valid.

Good "file" signature for [email protected] with RSA key SHA256:NmVC1oHNMssv0UfhfCSUKY2UjboQrGI5RwCGK7n0pIU

Reference

https://www.agwa.name/blog/post/ssh_signatures

Disclaimer

License under CC BY-NC 4.0
Copyright issue feedback me#imzye.me, replace # with @
Not all the commands and scripts are tested in production environment, use at your own risk
No privacy information is collected here

Try iOS App

Yi's Blog