On Sun, Jun 10, 2007, Philippe Stellwag wrote:

> 
> Okay, I tried the following and always got "invalid digest length" as error:
> 
> # openssl pkeyutl -sign -inkey private.pem -in content.txt -out content.ssl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1
> Public Key operation error
> 861:error:0408E08F:rsa routines:PKEY_RSA_SIGN:invalid digest length:rsa_pmeth.c:162:
> 
> # openssl pkeyutl -sign -inkey private.pem -in content.txt -out content.ssl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-2
> Public Key operation error
> 864:error:0408E08F:rsa routines:PKEY_RSA_SIGN:invalid digest length:rsa_pmeth.c:162:
> 
> What is wrong with that?
> 

With that command the input data should be the digest of the data being
signed not the actual data itself. As such it should be of the correct
length and it is a fatal error if it is not. The default digest is SHA1 so
the length must be 20 bytes.

If you want to digest and sign data then you need the 'dgst' utility or one
of its aliases such as 'sha1'. If you pass similar options to that utility
it should then use PSS.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
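
The two working routes from the reply above, as an added example that is not part of the original message: hash first and give pkeyutl the digest, or let dgst hash and sign in one step. It names SHA-256 explicitly with `-pkeyopt digest:sha256` (so the digest is 32 bytes rather than the 20 of the SHA1 default) and uses `-sigopt` as dgst's counterpart to `-pkeyopt`; the file names, helper function names and sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example; assumes the openssl CLI (1.1.1 or later) is on PATH.

# setup_demo DIR: throwaway RSA key pair plus a constructed message.
setup_demo() {
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null &&
    printf 'constructed sample message, not a digest\n' > "$1/content.txt"
}

# sign_raw DIR: the mistake from the thread, pkeyutl given the message itself.
# Rejected ("invalid digest length") because the input is not 32 bytes long.
sign_raw() {
    openssl pkeyutl -sign -inkey "$1/private.pem" -in "$1/content.txt" \
        -out "$1/raw.sig" -pkeyopt rsa_padding_mode:pss \
        -pkeyopt digest:sha256 -pkeyopt rsa_pss_saltlen:-1 2>/dev/null
}

# sign_digest DIR: hash first, then hand the binary digest to pkeyutl.
sign_digest() {
    openssl dgst -sha256 -binary -out "$1/content.dgst" "$1/content.txt" &&
    openssl pkeyutl -sign -inkey "$1/private.pem" -in "$1/content.dgst" \
        -out "$1/pkeyutl.sig" -pkeyopt rsa_padding_mode:pss \
        -pkeyopt digest:sha256 -pkeyopt rsa_pss_saltlen:-1
}

# sign_dgst DIR: dgst hashes and signs the message in a single step.
sign_dgst() {
    openssl dgst -sha256 -sign "$1/private.pem" \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
        -out "$1/dgst.sig" "$1/content.txt"
}

# verify_sig DIR SIGFILE: check a PSS signature against the message.
verify_sig() {
    openssl dgst -sha256 -verify "$1/public.pem" \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
        -signature "$2" "$1/content.txt" >/dev/null 2>&1
}

# Stand-alone run: show the rejected call and both accepted routes.
d=$(mktemp -d)
setup_demo "$d"
sign_raw "$d" || echo "pkeyutl rejected the raw message"
sign_digest "$d" && verify_sig "$d" "$d/pkeyutl.sig" && echo "pkeyutl signature verifies"
sign_dgst "$d" && verify_sig "$d" "$d/dgst.sig" && echo "dgst signature verifies"
rm -rf "$d"
```

Both signatures verify with the same `dgst -verify` call, because each route produces a PSS signature over the SHA-256 digest of the same message.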
