On 7 June 2013 07:06, Michael Wild <them...@users.sourceforge.net> wrote:
> Dear all
>
> I'm quite the noob in all things OpenSSL, and I'm struggling to get
> started with signing a piece of data.

The thing is that on the command line your data is subtly different than
in your C program. Hash algorithms are ruthless in this regard and that's
why they are so useful ;) See my comments inlined.

> Here is a MWE that should illustrate the problem. It loads "private.pem" (a
> RSA private key I generated using `openssl genrsa -out private.pem
> 1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
> but that's irrelevant) and then outputs the signature using base64 coding.
>
> #include <stdlib.h> /* malloc, abort */
> #include <openssl/bio.h>
> #include <openssl/conf.h>
> #include <openssl/evp.h>
> #include <openssl/pem.h>
> #include <openssl/err.h>
>
> int main()
> {
> // data to sign
> char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3";

`data' includes terminating '\0' implicitly

> // init openssl
> OPENSSL_config(NULL);
> OpenSSL_add_all_digests();
> ERR_load_crypto_strings();
>
> // load private key for signing
> EVP_PKEY* prv_key = NULL;
> BIO* bio = BIO_new_file("./private.pem", "rt");
> prv_key = PEM_read_bio_PrivateKey(bio, &prv_key, NULL, NULL);
> BIO_free(bio);
>
> // sign "data"
> EVP_MD_CTX ctx;
> unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
> unsigned int s;
>
> EVP_MD_CTX_init(&ctx);
> if (!EVP_SignInit_ex(&ctx, EVP_sha1(), NULL)) abort();
> if (!EVP_SignUpdate(&ctx, data, sizeof(data))) abort();

This should be either `sizeof(data) - 1' or `strlen(data)'

HTH,
Kris
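As an added illustration (not code from this thread, and using a compact reference SHA-1 instead of OpenSSL so it builds with no libraries): hashing the MWE's string with `sizeof(data)` (41 bytes, the terminating NUL included) and with `strlen(data)` (40 bytes, which is what `echo -n ... | openssl dgst -sha1` hashes) yields two different digests. The helper names `sha1_hex` and `sha1_matches` are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Compress one 64-byte block into the running state h (FIPS 180-4 SHA-1). */
static void sha1_block(uint32_t h[5], const unsigned char blk[64]) {
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f, k, t;
    int i;
    for (i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4*i] << 24 | (uint32_t)blk[4*i+1] << 16 |
               (uint32_t)blk[4*i+2] << 8 | blk[4*i+3];
    for (; i < 80; i++) w[i] = ROL(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        t = ROL(a, 5) + f + e + k + w[i];
        e = d; d = c; c = ROL(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}
/* Hash exactly `len` bytes of msg; write the digest as 40 lowercase hex chars into hex[41]. */
static void sha1_hex(const unsigned char *msg, size_t len, char hex[41]) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    unsigned char blk[64];
    size_t i, off = 0, rem;
    for (; len - off >= 64; off += 64) sha1_block(h, msg + off);
    rem = len - off;                                   /* 0..63 trailing bytes */
    memset(blk, 0, 64); memcpy(blk, msg + off, rem); blk[rem] = 0x80;
    if (rem >= 56) { sha1_block(h, blk); memset(blk, 0, 64); }  /* no room for the length */
    for (i = 0; i < 8; i++) blk[63 - i] = (unsigned char)(((uint64_t)len * 8) >> (8 * i));
    sha1_block(h, blk);
    for (i = 0; i < 5; i++) sprintf(hex + 8 * i, "%08x", h[i]);
}

/* 1 if SHA-1 of the first `len` bytes of msg equals `expected` (hex), else 0. */
int sha1_matches(const char *msg, size_t len, const char *expected) {
    char hex[41]; sha1_hex((const unsigned char *)msg, len, hex);
    return strcmp(hex, expected) == 0;
}

int main(void) {
    char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3", a[41], b[41];  /* string from the MWE */
    sha1_hex((const unsigned char *)data, sizeof(data), a);   /* 41 bytes: includes the '\0' */
    sha1_hex((const unsigned char *)data, strlen(data), b);   /* 40 bytes: what echo -n | openssl dgst sees */
    printf("sizeof(data): %s\nstrlen(data): %s\n", a, b);
    return 0;
}
```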