Those links (and the man pages in the latest release tarball, which they
should and do match) are different for me as they should be. *Some* of the
setup code is the same for both directions, and mostly the same for other
algorithms also - the main point of EVP_ is to use different algorithms
through a mostly generic API.

 

EVP_PKEY_encrypt won't do a signature. Although for RSA only (not other
algorithms) sign/verify are mathematically similar to encrypt/decrypt, and
this is reflected in the (way-old) low-level RSA_* function names, the
actual signature and encryption schemes use different padding, and only
EVP_PKEY_{sign,verify[recover]} does signatures.

And even then they don't do the (data) hashing.

 

The general public-key sign and verify processes are:

S1. compute hash of data (or for CMS, hash of data-hash plus some other bits)

S2. generate signature for hash S1 using private key (RSA, DSA, or ECDSA)

S3. send signature with or linked to data, and certs if needed

V0. receive signature and data, and receive or otherwise obtain certs if used

V1. compute hash of data (or for CMS as above) - should always be same as S1

V2. verify received signature for hash V1 using public key

 

For RSA only (and with minor exceptions) S2 breaks down as:

S21. encode hashvalue plus OID for hash in ASN.1

S22. "pad" S21, classically PKCS#1(v1.5) which truly just pads; an
alternative now is PSS which mixes up S21 in a complicated way but is still
called padding

S23. modexp S22 to private exponent d mod n

and V2 breaks down as:

V21. modexp signature to public exponent d mod n, which recovers S22

V22. "unpad" V21 using the same method as S22, which recovers S21

V23. un-encode V22=S21 and match to expected value and OID

 

(old) EVP_Sign/Verify* does all of these steps, although for 2-level hashing
like CMS it does only the 'last' data hash. (1.0.0+) EVP_DigestSign/Verify*
does the same but with a more flexible and more logical set of arguments.
EVP_PKEY_sign/verify[_init] does only S2 or V2; you must hash the data
yourself.
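
The S21-S23 / V21-V23 breakdown above, written out in Python as an added example (not code from the original thread or from OpenSSL). The key is a constructed toy key built from two Mersenne primes, and the function names are hypothetical, chosen to show which steps belong to the EVP_PKEY_sign level and which to the EVP_DigestSign level.

```python
import hashlib

# Constructed toy key for illustration only: two Mersenne primes, NOT a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# S21: fixed DER prefix of DigestInfo for SHA-256 (hash OID plus ASN.1 framing).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def pad_type1(digest_info: bytes) -> bytes:
    """S22: PKCS#1 v1.5 signature padding, 00 01 FF..FF 00 || DigestInfo."""
    ps_len = K - len(digest_info) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + digest_info

def sign_hash(digest: bytes) -> bytes:
    """S2 only (the EVP_PKEY_sign level): the caller has already done S1."""
    if len(digest) != 32:
        raise ValueError("expected a SHA-256 digest, not raw data")
    em = pad_type1(SHA256_PREFIX + digest)              # S21 + S22
    sig = pow(int.from_bytes(em, "big"), D, N)          # S23
    return sig.to_bytes(K, "big")

def verify_hash(sig: bytes, digest: bytes) -> bool:
    """V2 only: recover the padded block and compare with the expected one."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")         # V21
    # V22 + V23 by rebuilding the expected block and comparing it whole,
    # so no lenient unpadding or ASN.1 parsing runs on received bytes.
    return recovered == pad_type1(SHA256_PREFIX + digest)

def digest_sign(data: bytes) -> bytes:
    """S1 + S2 (the EVP_DigestSign level): hash the data, then sign the hash."""
    return sign_hash(hashlib.sha256(data).digest())

def digest_verify(sig: bytes, data: bytes) -> bool:
    """V1 + V2 (the EVP_DigestVerify level)."""
    return verify_hash(sig, hashlib.sha256(data).digest())
```

Passing raw data instead of a digest to `sign_hash` raises an error here; that is the "you must hash the data yourself" point made explicit.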

 

 

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of HelenH Zhang
Sent: Tuesday, January 21, 2014 18:51
To: openssl-users@openssl.org; fr...@baggins.org
Subject: Re: RSA_public_decrypt(), and RSA_private_encrypt()

 

Thank you, Matt for your quick reply.

 

I have additional questions: I looked at both links below:

 

https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html

https://www.openssl.org/docs/crypto/EVP_PKEY_decrypt.html

 

One for encryption, one for decryption; however, the example code in the
links is the same, which cannot be true.

 

I have the following code segment:

 

    ERR_load_crypto_strings();
    pkey = EVP_PKEY_new();
    rc = EVP_PKEY_assign_RSA(pkey, rsaKey);
    if (rc) {
        /* second argument is the ENGINE; NULL selects the default */
        ctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (!ctx)
            rc = -1;
        else
            rc = EVP_PKEY_CTX_set_signature_md(ctx, md);
        if (rc == 1)
            rc = EVP_PKEY_encrypt_init(ctx);
        if (rc == 1)
            rc = EVP_PKEY_CTX_set_rsa_padding(ctx, pad);
        if (rc == 1)
            rc = EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen);
    }

    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);

 

This code should perform a similar function to EVP_Sign... except for the
padding part. Is it correct?

 

Thanks

Helen

 

  _____  

From: Matt Caswell <fr...@baggins.org>
To: openssl-users@openssl.org 
Sent: Tuesday, January 21, 2014 1:35 PM
Subject: Re: RSA_public_decrypt(), and RSA_private_encrypt()


On 21 January 2014 15:44, HelenH Zhang <helen...@yahoo.com> wrote:
> Dear experts:
>
> We want to be able to specify padding.
> RSA_PKCS1_PADDING or RSA_NO_PADDING.
>
> I would like to use EVP API instead of RSA_Public_decrypt(), and
> RSA_Private_encrypt().
> Which API should I use?
>
> I am currently using EVP_SignInit()/Update/Final() to do rsa sign, and
> EVP_VerifyInit/Update/Final to do rsa verify.
>
> Thanks in advance for any suggestion.
> Helen
>

Padding can be set using EVP_PKEY_CTX_set_rsa_padding. See:

https://www.openssl.org/docs/crypto/EVP_PKEY_CTX_ctrl.html

Matt
______________________________________________________________________
OpenSSL Project                                http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                          majord...@openssl.org


