Thank you!! Worked perfectly and was exactly what I was missing. -----Original Message----- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, February 4, 2015 1:21 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] FIPS compliant digital signature
On Wed, Feb 04, 2015, Rex Bloom wrote: > Can someone help me understand what type of digital signature I can use for > FIPS compliance. > > I used this command: > > openssl genrsa -aes128 -passout pass:mypassphrase -out privkey.pem > 2048 > > to generate a pem file but when I tried to load this as follows: > > RSA *rkey = PEM_read_bio_RSAPrivateKey( bio, 0, 0, > (void*)"mypassphrase"); > > I receive this error > > error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips'. > > Can you point to anything I am doing wrong here? > This is an openssl-users question not openssl-dev. You need to be in FIPS mode when you create the key. So if you do: OPENSSL_FIPS=1 openssl genrsa ... It should work. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev