On 27/01/2019 17:43, prithiraj das wrote:
> Hi All,
>
> Using OpenSSL, I need to implement digital signing. My approach as of now is:
> 1) At the sender side, generate the hash of the data using sha256.
> 2) Encrypt the hash of the data using RSA Private key for the purpose of
> signing. Send this encrypted hash and the data from Step 1 to the receiver
> side.
> 3) At the receiver's end, decrypt the signed data (encrypted hash) using the
> corresponding RSA Public key.
> 4) Generate hash of the data and verify the decrypted content against this
> hash to verify the signature.
>
> I was thinking of using RSA_private_encrypt() method to do the signing and
> RSA_public_decrypt() method to decrypt the signed hash using the corresponding
> RSA public key. Would the above be a bad approach especially when it comes to
> using the methods mentioned? Please recommend the methods to be used that
> would be better for the purpose of digital signing and verification using
> sha256 and RSA keys.

Consider using the EVP_DigestSign*() functions, rather than the RSA_* ones. This
is the preferred way of doing this:

https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html

This has the advantages of handling all of the digesting and padding issues for
you. It also gives you greater flexibility to change digest and/or signing
algorithms at a later point if you wish.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users