2 people are trying to have secured communication. They are User A, and User B.
Private key is supposed to be owned, kept private, and only accessible by own user. Public key is supposed to be owned by own user, but can be shared publicly. Having private key, we can derive public key easily, but NOT vice versa!!
When User B want to send User A some data, User B will use User A's public key, to perform data encryption. Only User A who has own private key can decrypt and read the data.
When User A want to claim data is actually sent out by himself, he can sign the data with own private key. If User B want to validate whether signed data is actully signed by User A or not, he can use User A's public key, signed data to compare with the original data.
- OpenSSL
- Blockchain
<!-- generate private key -->
openssl genrsa > private.pem
<!-- derive public key from private key -->
openssl rsa --in private.pem -pubout --out public.pem
<!-- create data.txt -->
echo "TOP SECRET! READ AND DESTROY!" > data.txt
<!-- create data-fake.txt -->
echo "TOP SECRET! BUT THIS IS FAKE!" > data-fake.txt
user B can
openssl pkeyutl -encrypt -pubin public.pem -in data.txt --out data.txt.enc
openssl pkeyutl -decrypt -inkey private.pem -in data.txt.enc -out decrypt-data.txt
openssl pkeyutl -sign -inkey private.pem -in data.txt -out data.txt.signed
openssl pkeyutl -verify -inkey public.pem -pubin -sigfile data.txt.signed -in data.txt
>> Signature Verified Successfully
openssl pkeyutl -verify -inkey public.pem -pubin -sigfile data.txt.signed -in data-fake.txt
>> Signature Verification Failure
openssl dgst -sha256 data.txt.signed
SHA2-256(data.txt.signed)= d1832814383d1f44d8d9db6f8ee7754394213675fc6b257bc0e2dc714ba5cf76*
*store resulting hash into blockchain
Data verification in blockchain:
- data is signed
- signed data is calculated hash (e.g. SHA256)
- calculated hash is store in blockchain
- validator take the given signed data to calcuated hash again (AKA decrypt message)
- compare validator calculated hash with blockchain stored hash (AKA compare decrypt message with original message) a. if match, verification succeed b. if not match, verification failed
- openssl solves whether data was actually signed by User A or not
- blockchain solves whether data has been tempered or not
Together openssl and blockchain ensure that data is actually authentic
- created by User A
- has not been changed by any users, including User A!
USER A
--
signed_data = fx(userA's privkey, msg)
hash = fx(signed_data, hashing_algorithm)
blockchain_hash = store(hash)
USER B
--
hash = f(given_signed_data, hashing_algorithm)
if USER B's hash == blockhain_hash:
-> signed_data has NOT been tempered!
else:
-> signed_data has been tempered!
verify_data_creator = fx(signed_data, userA's pubkey, data)
if verify_data_creator == TRUE:
-> userA is the creator!
else:
-> userA is NOT the the creator!