Hi List, I've implemented the sign of data using the EVP_DigestSign and Verify functions. The client however also require a function to sign exsiting digests calculated by Windows? From some post found on the internet it seems I should call EVP_PKEY_sign() - correct? If so should I do checking that I only pass digests to this function?
Thanks Leon Brits > -----Original Message----- > From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] > On Behalf Of Leon Brits > Sent: 15 March 2013 09:18 AM > To: openssl-dev@openssl.org > Subject: RE: RSA sign and verify > > It now works, thanks for your guidance! > > Leon Brits > > > -----Original Message----- > From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] > On Behalf Of Dr. Stephen Henson > Sent: 15 March 2013 12:42 AM > To: openssl-dev@openssl.org > Subject: Re: RSA sign and verify > > On Thu, Mar 14, 2013, Leon Brits wrote: > > > Just a view more questions: > > > > In my existing code, I used the EVP_SignInit/Update/Final calls. I did > > not set the padding so the default (RSASSA_PKCS1.5) was always used. > > So now, to set the padding, I've added the code as mentioned after the > > EVP_SignInit() and before the first EVP_SignUpdate(). > > > > This all worked, until I've commented out the > > EVP_PKEY_CTX_set_rsa_padding() call from the verification function (as > > a test). This should cause the default padding to be used and should > > fail to verify signatures with the PSS padding scheme (right?). Well is > succeeds. > > > > 1. Comments? 2. Can I mix the EVP_SignInit/Update/Final() and > > EVP_DigestSignInit/Update/Final() calls? > > > > Info: I've noticed that one should not free the key context > > (EVP_PKEY_CTX) returned from EVP_DigestSignInit() since it is deleted > > in the digest context (EVP_MD_CTX). This sould be noted somewhere. > > > > No you can't mix the two. You should use EVP_Digest* throughout. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org