From c86a09178702627330d3567a1ac2d4650337aeea Mon Sep 17 00:00:00 2001
From: Manuel Thalmann <m@nuth.ch>
Date: Thu, 9 Nov 2023 12:31:44 +0100
Subject: [PATCH] Solve optional data signing task

---
 Lab 2 - Certificates/README.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/Lab 2 - Certificates/README.md b/Lab 2 - Certificates/README.md
index 0da053d..a2713a8 100644
--- a/Lab 2 - Certificates/README.md	
+++ b/Lab 2 - Certificates/README.md	
@@ -299,3 +299,27 @@ Check the output:
 ```sh
 openssl x509 -in intermediate.cer -noout -text
 ```
+
+# Signing Data
+Create a file with secret content:
+```sh
+cd /root
+vi secret.txt
+```
+
+## Create Signature
+```sh
+# Create and encrypt hash of file
+openssl dgst -sha256 -sign /root/ca/private/ca.key.pem -out /tmp/hash.sha256 secret.txt
+# Convert hash file to base64
+openssl base64 -in /tmp/hash.sha256 -out secret.sig
+```
+
+## Verify Signature
+Under normal circumstances:
+```sh
+# Re-create hash file from base64
+openssl base64 -d -in secret.sig -out /tmp/hash.sha256
+# Check integrity of `secret.txt`
+openssl dgst -sha256 -verify /root/ca/ca.key.pem.pub -signature /tmp/hash.sha256 secret.txt
+```