Home/ Questions/Q 9121251
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T05:49:06+00:00

I’m looking to secure the software update procedure for a little device I’m maintaining

  • 0

I’m looking to secure the software update procedure for a little device I’m maintaining that runs Linux. I want to generate an md5sum of the update package’s contents and then encrypt that hash with a private key before sending it out to the customer. When they load the update, the device should then decrypt the hash, verify it, and proceed with installation of the package.

I’m trying to do this with OpenSSL and RSA. I found this thread, and was discouraged. I then found this thread and wondered how Perl gets around the purported impossibility of it all. I’m doing this in C, so perhaps there’s a parallel function in an SSL library somewhere?

So my question really is: can I force command line Linux to take a public key as the decryption input, or perhaps use C to circumvent that limitation?

Thanks in advance, all.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Let’s assume you have generated a public and private RSA key using openssl genrsa:

    $ openssl genrsa -out mykey
Generating RSA private key, 512 bit long modulus
...++++++++++++
..........++++++++++++
e is 65537 (0x10001)
$ openssl rsa -in mykey -pubout -out mykey.pub
writing RSA key

    You can sign something with the private key like this:

    $ md5sum myfile | openssl rsautl -inkey mykey -sign > checksum.signed

    You can verify this data using the public key:

    $ openssl rsautl -inkey mykey.pub -pubin -in checksum.signed
df713741d8e92b15977ccd6e019730a5  myfile

    Is this what you’re looking for?

    • 0