I'm looking to secure the software update procedure for a little device I'm maintaining that runs Linux. I want to generate an md5sum of the update package's contents and then encrypt that hash with a private key before sending it out to the customer. When they load the update, the device should then decrypt the hash, verify it, and proceed with installation of the package.

我希望确保我正在维护的运行 Linux 的小设备的软件更新程序安全。我想生成更新包内容的 md5sum，然后在将其发送给客户之前用私钥加密该哈希。当他们加载更新时，设备应该解密哈希，验证它，然后继续安装包。

I'm trying to do this with OpenSSL and RSA. I found thisthread, and was discouraged. I then found thisthread and wondered how Perl gets around the purported impossibility of it all. I'm doing this in C, so perhaps there's a parallel function in an SSL library somewhere?

我正在尝试使用 OpenSSL 和 RSA 来做到这一点。我找到了这个线程，并感到气馁。然后我找到了这个线程，并想知道 Perl 如何解决所有所谓的不可能的问题。我在 C 中做这个，所以也许在某个地方的 SSL 库中有一个并行函数？

So my question really is: can I force command line Linux to take a public key as the decryption input, or perhaps use C to circumvent that limitation?

所以我的问题真的是：我可以强制命令行 Linux 将公钥作为解密输入，还是使用 C 来规避该限制？

Thanks in advance, all.

提前谢谢大家。