Dear all,

I'm quite the noob in all things OpenSSL, and I'm struggling to get started with signing a piece of data.
Here is an MWE that should illustrate the problem. It loads "private.pem" (an RSA private key I generated using `openssl genrsa -out private.pem 1024`) and then tries to sign a piece of data (here, it is a SHA1 hash, but that's irrelevant) and then outputs the signature using base64 coding.

    #include <stdlib.h>   /* malloc, free, abort */
    #include <openssl/bio.h>
    #include <openssl/conf.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/err.h>

    int main()
    {
        // data to sign
        char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3";

        // init openssl
        OPENSSL_config(NULL);
        OpenSSL_add_all_digests();
        ERR_load_crypto_strings();

        // load private key for signing
        EVP_PKEY* prv_key = NULL;
        BIO* bio = BIO_new_file("./private.pem", "rt");
        prv_key = PEM_read_bio_PrivateKey(bio, &prv_key, NULL, NULL);
        BIO_free(bio);

        // sign "data"
        EVP_MD_CTX ctx;
        unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
        unsigned int s;
        EVP_MD_CTX_init(&ctx);
        if (!EVP_SignInit_ex(&ctx, EVP_sha1(), NULL)) abort();
        if (!EVP_SignUpdate(&ctx, data, sizeof(data))) abort();
        if (!EVP_SignFinal(&ctx, sign, &s, prv_key)) abort();
        EVP_MD_CTX_cleanup(&ctx);

        // create base64 encoded output of the signature
        BIO* b64 = BIO_new(BIO_f_base64());
        BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
        bstdout = BIO_push(b64, bstdout);
        BIO_write(bstdout, sign, s);
        BIO_flush(bstdout);
        BIO_free_all(bstdout);

        // cleanup
        free(sign);
        ERR_remove_state(0);
        ERR_free_strings();
        EVP_cleanup();
        CONF_modules_free();
        CRYPTO_cleanup_all_ex_data();
    }

Using this program I get the following output:

    enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL
    C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB
    1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA=

However, when using the rsautl utility as follows, the result is different:

    $ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \
        openssl rsautl -sign -inkey ./private.pem | \
        openssl enc -base64
    FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG
    RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh
    170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4=

Am I missing something? AFAIK the default digest is SHA1, but I also tried playing around with others (MD5, SHA256) and EVP_PKEY_get_default_digest(), but still the result was different from the one obtained with rsautl.

Any help would be greatly appreciated.

Michael

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
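An added example, not part of the original post: the two commands hand different byte blocks to the RSA private-key operation, so the signatures cannot match. The sketch below builds both PKCS#1 v1.5 blocks (RFC 8017) for a 1024-bit key using only the standard library; the function names are hypothetical, and no RSA operation is performed because unequal blocks already imply unequal signatures.

```python
import hashlib

# ASN.1 DigestInfo header for SHA-1 (RFC 8017, section 9.2)
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

K = 128  # modulus length in bytes for the 1024-bit key from the post
HEX = b"de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3"  # the 40 bytes printf sends


def pkcs1_type1_pad(payload: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 signature block: 00 01 FF..FF 00 || payload, k bytes."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * (k - len(payload) - 3) + b"\x00" + payload


def evp_sign_block(data: bytes, k: int) -> bytes:
    """EVP_Sign* path: hash the data, wrap the digest in DigestInfo, pad."""
    digest = hashlib.sha1(data).digest()
    return pkcs1_type1_pad(SHA1_DIGESTINFO_PREFIX + digest, k)


def rsautl_sign_block(data: bytes, k: int) -> bytes:
    """`rsautl -sign` path: pad the input as given, no hash, no DigestInfo."""
    return pkcs1_type1_pad(data, k)


def compare():
    # The C program passes sizeof(data), so the trailing NUL is hashed too.
    evp = evp_sign_block(HEX + b"\x00", K)
    # rsautl pads the 40 ASCII characters themselves.
    raw = rsautl_sign_block(HEX, K)
    # rsautl fed the binary DigestInfo reproduces the EVP block exactly.
    digest_info = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(HEX + b"\x00").digest()
    matched = rsautl_sign_block(digest_info, K)
    return evp, raw, matched


if __name__ == "__main__":
    evp, raw, matched = compare()
    print("EVP_Sign block   :", evp.hex())
    print("rsautl block     :", raw.hex())
    print("blocks equal     :", evp == raw)
    print("DigestInfo equal :", matched == evp)
```

Two things differ at once: `EVP_SignFinal` signs a DigestInfo-wrapped SHA-1 of the input while `rsautl -sign` signs the raw input, and `sizeof(data)` includes a NUL byte that `printf` does not send.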