Those links (and the man pages in the latest release tarball, which they should
and do match) are different for me as they should be. *Some* of the setup code is the same for both directions, and mostly the same for other algorithms also - the main point of EVP_ is to use different algorithms through a mostly generic API. EVP_PKEY_encrypt won't do a signature. Although for RSA only (not other algorithms) sign/verify are mathematically similar to encrypt/decrypt, and this is reflected in the (way-old) low-level RSA_* function names, the actual signature and encryption schemes use different padding, and only EVP_PKEY_{sign,verify[recover]} does signatures. And even then they don't do the (data) hashing. The general public-key sign and verify processes are: S1. compute hash of data (or for CMS, hash of data-hash plus some other bits) S2. generate signature for hash S1 using private key (RSA, DSA, or ECDSA) S3. send signature with or linked to data, and certs if needed V0. receive signature and data, and receive or otherwise obtain certs if used V1. compute hash of data (or for CMS as above) - should always be same as S1 V2. verify received signature for hash V1 using public key For RSA only (and with minor exceptions) S2 breaks down as: S21. encode hashvalue plus OID for hash in ASN.1 S22. "pad" S21, classically PKCS#1(v1.5) which truly just pads; an alternative now is PSS which mixes up S21 in a complicated way but it still called padding S23. modexp S22 to private exponent d mod n and V2 breaks down as: V21. modexp signature to public exponent d mod n, which recovers S22 V22. "unpad" V21 using the same method as S22, which recovers S21 V23. un-encode V22=S21 and match to expected value and OID (old) EVP_Sign/Verify* does all of these steps, although for 2-level hashing like CMS it does only the 'last' data hash. (1.0.0+) EVP_DigestSign/Verify* does the same but with a more flexible and more logical set of arguments. EVP_PKEY_sign/verify[_init] does only S2 or V2; you must hash the data yourself. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of HelenH Zhang Sent: Tuesday, January 21, 2014 18:51 To: openssl-users@openssl.org; fr...@baggins.org Subject: Re: RSA_public_decrypt(), and RSA_private_encrypt() Thank you, Matt for your quick reply. I have additional questions: I looked both links below: https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html https://www.openssl.org/docs/crypto/EVP_PKEY_decrypt.html One for encryption, one for decryption, however, example code in the links are the same, which can not be true. I have the following code segment: ERR_load_crypto_strings(); pkey = EVP_PKEY_new(); rc = EVP_PKEY_assign_RSA(pkey, rsaKey); if (rc) { ctx = EVP_PKEY_CTX_new(pkey); if (!ctx) { rc = -1; } rc = EVP_PKEY_CTX_set_signature_md(ctx, md); if (rc == 1) rc = EVP_PKEY_encrypt_init(ctx); if (rc == 1) rc = EVP_PKEY_CTX_set_rsa_padding(ctx, pad); if (rc == 1) rc = EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) } EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); This code should perform similar function as EVP_Sign... except padding part. Is it correct? Thanks Helen _____ From: Matt Caswell <fr...@baggins.org> To: openssl-users@openssl.org Sent: Tuesday, January 21, 2014 1:35 PM Subject: Re: RSA_public_decrypt(), and RSA_private_encrypt() On 21 January 2014 15:44, HelenH Zhang <helen...@yahoo.com> wrote: > Dear experts: > > We want to be able to specify padding. > RSA_PKCS1_PADDING or RSA_NO_PADDING. > > I would like to use EVP API instead of RSA_Public_decrypt(), and > RSA_Private_encrypt(). > Which API should I use? > > I am currently using EVP_SignInit()/Update/Final() to do rsa sign, and > EVP_VerifyInit/Update/Final to do rsa verify. > > Thanks in advance for any suggestion. > Helen > Padding can be set using EVP_PKEY_CTX_set_rsa_padding. See: https://www.openssl.org/docs/crypto/EVP_PKEY_CTX_ctrl.html Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org