Dear all

I'm quite the noob in all things OpenSSL, and I'm struggling getting
started with signing a piece of data.

Here is an MWE that should illustrate the problem. It loads "private.pem" (an
RSA private key I generated using `openssl genrsa -out private.pem
1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
but that's irrelevant) and then outputs the signature using base64 coding.

  #include <openssl/bio.h>
  #include <openssl/conf.h>
  #include <openssl/evp.h>
  #include <openssl/pem.h>
  #include <openssl/err.h>
  #include <stdio.h>
  #include <stdlib.h>

  int main()
  {
  // data to sign
  char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3";

  // init openssl
  OPENSSL_config(NULL);
  OpenSSL_add_all_digests();
  ERR_load_crypto_strings();

  // load private key for signing
  EVP_PKEY* prv_key = NULL;
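  BIO* bio = BIO_new_file("./private.pem", "rt");
  if (!bio) abort();  // key file could not be opened
  prv_key = PEM_read_bio_PrivateKey(bio, &prv_key, NULL, NULL);
  BIO_free(bio);
  if (!prv_key) abort();  // file did not contain a readable PEM private key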

  // sign "data"
  EVP_MD_CTX ctx;
  unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
  if (!sign) abort();
  unsigned int s;

  EVP_MD_CTX_init(&ctx);
  if (!EVP_SignInit_ex(&ctx, EVP_sha1(), NULL)) abort();
  // note: sizeof(data) is 41, so the terminating NUL is hashed as well
  if (!EVP_SignUpdate(&ctx, data, sizeof(data))) abort();
  if (!EVP_SignFinal(&ctx, sign, &s, prv_key)) abort();
  EVP_MD_CTX_cleanup(&ctx);

  // create base64 encoded output of the signature
  BIO* b64 = BIO_new(BIO_f_base64());
  BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
  bstdout = BIO_push(b64, bstdout);
  BIO_write(bstdout, sign, s);
  BIO_flush(bstdout);
  BIO_free_all(bstdout);

  // cleanup
  free(sign);
  EVP_PKEY_free(prv_key);
  ERR_remove_state(0);
  ERR_free_strings();
  EVP_cleanup();
  CONF_modules_free();
  CRYPTO_cleanup_all_ex_data();
  return 0;
  }


Using this program I get the following output:

  enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL
  C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB
  1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA=

However, when using the rsautl utility as follows, the result is different:

  $ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \
      openssl rsautl -sign -inkey ./private.pem | \
      openssl enc -base64
  FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG
  RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh
  170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4=

Am I missing something? AFAIK the default digest is SHA1, but I also
tried playing around with others (MD5, SHA256) and
EVP_PKEY_get_default_digest(), but still the result was different from
the one obtained with rsautl.


Any help would be greatly appreciated.

Michael
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
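
Added example, not part of the original post: the two commands above feed different bytes into the RSA private-key operation. `rsautl -sign` applies PKCS#1 v1.5 padding to its input as-is, while `EVP_SignFinal` pads a DigestInfo structure wrapping the SHA-1 digest of the data (which, with `sizeof(data)`, includes the trailing NUL). The helper names are hypothetical, the digest is a zero placeholder rather than the real SHA-1, and the 128-byte block assumes the 1024-bit key from the post.

```c
#include <stdio.h>
#include <string.h>

/* DER prefix of a SHA-1 DigestInfo (PKCS#1 v1.5); the 20-byte digest follows. */
static const unsigned char SHA1_PREFIX[15] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };

/* Block type 1 padding: 00 01 FF..FF 00 || payload, k bytes in total.
   Returns the offset of the payload, or -1 if it does not fit. */
int pkcs1_type1(unsigned char *em, size_t k, const unsigned char *p, size_t n)
{
    if (n + 11 > k) return -1;            /* at least 8 FF bytes are required */
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xFF, k - n - 3);
    em[k - n - 1] = 0x00;
    memcpy(em + k - n, p, n);
    return (int)(k - n);
}

/* Block built by rsautl -sign: the input bytes themselves, no hashing. */
int em_raw(unsigned char *em, size_t k, const unsigned char *in, size_t n)
{
    return pkcs1_type1(em, k, in, n);
}

/* Block built by EVP_SignFinal for RSA with SHA-1: DigestInfo || digest. */
int em_digestinfo(unsigned char *em, size_t k, const unsigned char digest[20])
{
    unsigned char t[35];
    memcpy(t, SHA1_PREFIX, 15);
    memcpy(t + 15, digest, 20);
    return pkcs1_type1(em, k, t, sizeof t);
}

int main(void)
{
    const char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3";
    unsigned char digest[20] = {0};  /* constructed placeholder digest */
    unsigned char a[128], b[128];    /* 1024-bit modulus: 128-byte block */
    int ra = em_raw(a, sizeof a, (const unsigned char *)data, strlen(data));
    int rb = em_digestinfo(b, sizeof b, digest);
    printf("rsautl payload at %d, EVP_Sign payload at %d\n", ra, rb);
    printf("padded blocks %s\n", memcmp(a, b, 128) ? "differ" : "match");
    return 0;
}
```

Since the padded blocks differ, the resulting signatures differ for any digest choice, which matches the behaviour reported with MD5 and SHA256.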