So I want to do the following
- Check the RSA public key of a https server
- Make a GET request to that server
- Get a response+signature from the server
- I should be able to check if ANY reponse+signature pair matches the publickey.
I was able to get the public key based on another qeustion https://security.stackexchange.com/a/16091
openssl s_client -connect the.host.name:443 | openssl x509 -pubkey -noout
But I don’t know how to get a signature on the response message.
Is it possible? Do I need to specify a request header with curl? Am I missing something?
The reason I need this is because I’m trying to setup a smart contract (blockchain), with the public key stored. People will send messages and I want to be able to check the messages come from server.