Proving Possession of a Private Key - SSL.com (2024)

Table of Contents
Contents Create a Signature with the Private Key Confirm that Private Key Matches Certificate Code Signing Nuget Packages with eSigner Bulk Enrollment of Organization Validation (OV) S/MIME Certificates How to publish your S/MIME certificate to a Global Address List (GAL) LDAP Integration with S/MIME Certificates Validation Process for Document Signing, Code Signing, and EV Code Signing Certificates Subscribe To SSL.com’s Newsletter Stay Informed and Secure

Home » How-Tos » Task » Other » Proving Possession of a Private Key

You can use OpenSSL to show proof-of-possession (POP) of a private key by signing a test file with it. This method works for both RSA and ECC keys.

What is OpenSSL?
OpenSSL is a very useful open-source command-line toolkit for working with X.509 certificates, certificate signing requests (CSRs), and cryptographic keys. If you are using a UNIX variant like Linux or macOS, OpenSSL is probably already installed on your computer. If you would like to use OpenSSL on Windows, you can enable Windows 10’s Linux subsystem or install Cygwin.

Create a Signature with the Private Key

  1. Create a test file:

    echo ssl.com > test.txt

  2. Sign the sha256 hash of the test file, using the private key (replace privatekey.pem in the command below with the key’s actual filename):

    openssl dgst -sha256 -sign privatekey.pem -out test.sig test.txt
  3. You can now prove possession of the private key by sending test.sig and test.txt to a verifying third party, such as SSL.com. You can also check if the private key matches a certificate by following the procedure below:

Confirm that Private Key Matches Certificate

  1. Extract the public key from the certificate (replace certificate.pem in the command below with the certificate’s actual filename):

    See Also
    Administering Oracle Cloud Identity ManagementHow to convert a certificate into the appropriate formatBreaking RSA Encryption - an Update on the State-of-the-Art - QuintessenceLabsGenerate OpenSSL RSA Key Pair from the Command Line

    openssl x509 -pubkey -noout -in certificate.pem > publickey.pem

  2. Verify the sha256 hash of the test file, using the public key:

    openssl dgst -sha256 -verify publickey.pem -signature test.sig test.txt
  3. If the private key matches the certificate, you’ll get the output Verified OK. If not, you’ll get a Verification Failure.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

SSL.com Support Team

Author - Content Administrator

All Posts

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Proving Possession of a Private Key - SSL.com (2)

Stay Informed and Secure

SSL.comis a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements fromSSL.com.

Proving Possession of a Private Key - SSL.com (2024)
Top Articles
Coin Slot Piercing & Large Gauge Removal
Privacy - Features
Reflexo online as 10 melhores coisas para fazer e atividades em Bendigo, Australia Fax Email Print - Pdffiller
SOGOTRADE Review 2021: Taxas, serviços e muito mais
Latest Posts
The Best Way To Exit a Trade
Cryptocurrency Issuer Ripple Enters China Market With LianLian Partnership
Article information

Author: Jamar Nader

Last Updated:

Views: 6521

Rating: 4.4 / 5 (55 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Jamar Nader

Birthday: 1995-02-28

Address: Apt. 536 6162 Reichel Greens, Port Zackaryside, CT 22682-9804

Phone: +9958384818317

Job: IT Representative

Hobby: Scrapbooking, Hiking, Hunting, Kite flying, Blacksmithing, Video gaming, Foraging

Introduction: My name is Jamar Nader, I am a fine, shiny, colorful, bright, nice, perfect, curious person who loves writing and wants to share my knowledge and understanding with you.