Andreas Wagner wrote:
Hi guys, I want to sign a message (an array of char) from within my source code. The problem is that I do not know exactly how to sign this message. There are two possibilities (ECDSA_do_sign or the EVP_DigestSignFinal(...) functions). Which do I have to use? What is the difference? So I tried to work through dgst.c in apps to get the same result as: openssl dgst -ecdsa-with-SHA1 -sign ec_key.pem -out test_ec_console.bin test.txt. But mine does not work.
So my code is looking like that:
/*
 * Attempt to reproduce "openssl dgst -sign" in code: load a key from
 * ec_key.pem, run input through a digest BIO, then call EVP_SignFinal()
 * and print the result. The code is kept exactly as posted; the review
 * notes below mark the spots that explain the failure reported in the thread.
 *
 * NOTE(review): SHA-1 is no longer considered suitable for new signatures;
 * a SHA-256 digest would be the usual choice today.
 */
const EVP_MD *md=NULL;
 unsigned char *buf;
 EVP_MD_CTX *md_ctx;
 EVP_PKEY *pkey;
 BIO *in=NULL,*inp;
 BIO *out=NULL,*bmd=NULL;
 /* NOTE(review): outscreen is not initialised here but is used a few lines down, before BIO_new(). */
 BIO *outscreen;
 BIO *keyfile;
 /* NOTE(review): b is never used in the code shown. */
 EC_KEY *b;
 /* NOTE(review): message is only referenced by the commented-out EVP_SignUpdate() call below. */
 const char message[] = "this is an exaple text";
    char *infile= "ec_key.pem";
    /* NOTE(review): len is uninitialised and is an int, while EVP_SignFinal() writes an unsigned int. */
    int len;
    int i=0;
 PW_CB_DATA cb_data;
 cb_data.password = NULL;
 cb_data.prompt_info = NULL;
/* Scratch buffer: first the read buffer for the digest BIO, later the signature output. */
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
   {
   /* NOTE(review): outscreen is still an uninitialised pointer at this point (undefined behaviour),
      and execution continues with buf == NULL. */
   BIO_printf(outscreen,"out of memory\n");
   }
/* NOTE(review): the lookup runs before OpenSSL_add_all_digests() further down; on OpenSSL
   versions that need explicit registration the table is still empty here and md stays NULL. */
if (!(md = EVP_get_digestbyname("ecdsa-with-SHA1"))){
     printf("error unknown digest\n");
    }
    outscreen = BIO_new(BIO_s_file());
    keyfile = BIO_new(BIO_s_file());
    BIO_set_fp(outscreen, stdout, BIO_NOCLOSE);
    in=BIO_new(BIO_s_file());
    bmd = BIO_new(BIO_f_md());

    OpenSSL_add_all_digests();
    /* NOTE(review): out is opened but never written; the signature below goes to outscreen (stdout). */
    out = BIO_new_file("test_ec_program.bin", "wb");
 if (BIO_read_filename(keyfile,infile) <= 0)
 {
  perror(infile);
 }
 /* read EVP_PKEY */
/* NOTE(review): this reads a PUBLIC key, but signing needs the private key; the private-key
   reader is PEM_read_bio_PrivateKey(). On failure only "error" is printed and pkey stays NULL,
   yet it is still passed to EVP_SignFinal() below. */
if(!(pkey = PEM_read_bio_PUBKEY(keyfile,NULL,(pem_password_cb *)password_callback,&cb_data)))
     printf("error\n");
    if (!BIO_set_md(bmd,md)){
     printf("error setting diggest\n");
    }

    /* Chain the digest filter in front of the file BIO so everything read through inp is hashed. */
    inp=BIO_push(bmd,in);
 /* NOTE(review): infile is "ec_key.pem", so the bytes being hashed are the key file itself,
    not test.txt and not the message array. */
 if (BIO_read_filename(in,infile) <= 0)
 {
  perror(infile);
 }

 /* Drain the input; the data is discarded, only the digest state inside bmd matters. */
 for(;;){
  i = BIO_read(inp,(char *)buf,BUFSIZE);
  /* NOTE(review): a read error is reported but the loop does not stop, so it can spin forever. */
  if(i < 0)
   printf("error during reading");
  if (i == 0)
   break;
 }

 /* NOTE(review): writes sizeof(pkey) bytes, i.e. the size of a pointer, taken from the start of
    the EVP_PKEY structure; this dumps raw process memory to stdout, not a printable key. */
 BIO_write(outscreen,pkey,sizeof(pkey));
 /* Fetch the digest context that accumulated the hash inside the BIO chain. */
 BIO_get_md_ctx(inp, &md_ctx);
//    EVP_SignInit(md_ctx, EVP_ecdsa());
//    EVP_SignUpdate(md_ctx, (const void*)message, strlen(message));
    /* sign the message */
    /* NOTE(review): buf must hold at least EVP_PKEY_size(pkey) bytes; BUFSIZE is not shown, so
       confirm it is large enough. */
    if (!(EVP_SignFinal(md_ctx,buf ,(unsigned int *)&len, pkey))){
     printf("error during signing\n");
    }
 /* NOTE(review): runs even when signing failed; len is then uninitialised, so this can write
    arbitrary heap bytes to stdout. */
 BIO_write(outscreen,buf,len);

I think the problem is in reading the key as an EVP_PKEY; that is where it goes wrong (reading it as an EC_KEY causes no problems). The files are created with:
openssl ecparam -out ec_key.pem -name prime256v1 -genkey
openssl ec -in ec_key.pem -pubout -out oubkey.pem
the output is:
~☺  error during signing
thx for ur help
This works for me (not exactly; I only show the highlights). I'm not sure it is right, and there are probably better ways, but I at least get a signature.

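/*
 * Generate a fresh EC key pair and sign one digest with it (highlights only).
 * The fragment belongs inside a function; 'ecgroupp' comes from surrounding
 * code that is not shown. On success sign_ok is 1 and 'signature' holds
 * 'signature_size' bytes of DER-encoded ECDSA signature, to be released
 * with OPENSSL_free().
 *
 * NOTE(review): ECDSA_sign() and the EC_KEY calls are the low-level API,
 * deprecated since OpenSSL 3.0; EVP_DigestSignInit()/EVP_DigestSignFinal()
 * hash and sign in one step and are the route to prefer in new code.
 */
EC_KEY * eckey=NULL;
EC_GROUP * ecgroup=*ecgroupp; /* initial value is replaced by the curve lookup below */
EVP_PKEY *evpkey=NULL;
unsigned char * signature=NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
unsigned int signature_size = 0; /* ECDSA_sign() reports the length through an unsigned int * */
int block_size = 0;
unsigned char * block=NULL;
int sig_capacity = 0;
int sign_ok = 0;

/*
 * NOTE(review): sect163k1 is a 163-bit curve (roughly 80-bit security), which
 * is below what current guidance accepts for new signatures. The key in the
 * question was generated on prime256v1, which is the stronger choice.
 */
ecgroup = EC_GROUP_new_by_curve_name(OBJ_sn2nid("sect163k1"));
eckey=EC_KEY_new();
evpkey=EVP_PKEY_new();

if (ecgroup != NULL && eckey != NULL && evpkey != NULL) {
    EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE);
    EC_GROUP_set_point_conversion_form(ecgroup, form);

    /*
     * Every step returns 1 on success. Once EVP_PKEY_assign_EC_KEY() has
     * succeeded, evpkey owns eckey: release both with EVP_PKEY_free(evpkey)
     * and do not call EC_KEY_free(eckey) as well.
     */
    if (EC_KEY_set_group(eckey,ecgroup) == 1
        && EC_KEY_generate_key(eckey) == 1
        && EVP_PKEY_assign_EC_KEY(evpkey,eckey) == 1) {
        /* EVP_PKEY_size() is the upper bound for the encoded signature. */
        sig_capacity = EVP_PKEY_size(evpkey);
        if (sig_capacity > 0)
            signature=OPENSSL_malloc(sig_capacity);

        //Put the message digest (for example the SHA-256 hash of the data) in 'block'
        //and its length in 'block_size'. ECDSA_sign() signs the bytes it is given as
        //an already computed digest; it does not hash them itself.
        if (signature != NULL
            && ECDSA_sign(0, block, block_size, signature, &signature_size, eckey) == 1)
            sign_ok = 1;
    }
}
//If sign_ok is 1 you have a sig of 'signature_size' bytes in 'signature' at this point.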