Re: sign and verify
Yes, pretty much. Check out demos/sign/ in openssl. It's a simple app example that uses EVP_Sign* and EVP_Verify* to work the signing. It requires .pem files for use -- one X509 cert and one RSA key. Check the man pages on openssl ("req" command) to see how to generate them from the command line.

Pedro.

> Hi All,
>
> I'm trying to write a little utility that will sign and verify a flat text file. The RSA_verify function looks like it's close to what I want, but the text file in question is not any kind of mail digest.
>
> This is for one off use, so I don't want to go the whole CA route. Just a simple public-private key digital signature.
>
> Can this be done easily with the libraries that come with openssl?
>
> -Chris Luchini
> TurboLabs

--
Pedro Miller Rabinovitch
General Manager of Technology
Cipher Technology
www.cipher.com.br
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

IV in EVP_SealInit - bug or feature?
The documentation (perldoc + web page) for EVP_SealInit states that:

    EVP_SealInit() initializes a cipher context ctx for encryption with cipher type using a random secret key and IV supplied in the iv parameter.

That is not true, however, as we can see in p_seal.c (82-83):

    if (EVP_CIPHER_CTX_iv_length(ctx))
        RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));

iv actually works as a return parameter, which should be supplied to EVP_Open.

Should this be the case? Is this a bug or a feature? It spares the programmer from having to generate an iv, but it also forces him/her to pass the iv together with the encoded message... Shouldn't the p_seal code match the manual?

Regards,
Pedro.

--
Pedro Miller Rabinovitch
General Manager of Technology
Cipher Technology
www.cipher.com.br

Solved problem with EVP_Sign
Just to say I've at last found the problem in my signing implementation. I was using EVP_MAX_MD_SIZE as limit for my signature array, and that was of course completely wrong; I see now I should have used EVP_PKEY_size(pkey) instead.

Pedro.

--
Pedro Miller Rabinovitch
General Manager of Technology
Cipher Technology
www.cipher.com.br

EVP_Verify failing -- Help!
Hello,

I'm not sure these messages are getting through to the list -- can someone please answer me? I've posted already, but it didn't reflect my message. Can anyone acknowledge this message please?

Thanks!

--

I've been having some trouble with EVP_Verify, perhaps someone could lend me a hand. I've signed the message with:

    EVP_MD_CTX evp;
    EVP_PKEY *evp_key;
    unsigned char md_value[EVP_MAX_MD_SIZE];

    evp_key = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(evp_key, privkey);
    EVP_SignInit(&evp, EVP_sha1());
    EVP_SignUpdate(&evp, msg, strlen(msg));
    if(0 == EVP_SignFinal(&evp, md_value, &md_len, evp_key)) {
        printf("error signing message.\n");
        ERR_print_errors_fp(stderr);
    }

Then I tried verifying:

    EVP_VerifyInit(&evp, EVP_sha1());
    EVP_VerifyUpdate(&evp, msg, strlen(msg));
    res = EVP_VerifyFinal(&evp, md_value, md_len, evp_key);
    if(1==res)
        printf("Signature verified.\n");
    else if(0==res)
        printf("Incorrect signature!\n");
    else if(-1==res) {
        printf("Error verifying signature!\n");
        ERR_print_errors_fp(stderr);
    }

... and I get "Incorrect signature" all the time. I've even tried printing out the signature, and it all checks ok. Am I completely off-target here? I'm probably missing something... Can someone help me with this, please?

Thanks in advance,
Pedro.

--
Pedro Miller Rabinovitch
General Manager of Technology
Cipher Technology
www.cipher.com.br
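
Added example, not part of the original posts: the sign-and-verify round trip these messages discuss, done with the openssl command line instead of the EVP_Sign*/EVP_Verify* C calls, using a bare RSA key pair and no certificate. It also prints the signature length, which for RSA equals the key size (256 bytes for a 2048-bit key) rather than the digest size, the reason EVP_PKEY_size(pkey) is the right buffer bound. The file names, message text, 2048-bit key and SHA-256 digest are choices made for this example.

```shell
#!/bin/sh
# Added example: sign and verify a flat text file with a bare RSA key pair.
# All file names and the message text are constructed for illustration.
set -eu

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Generate a 2048-bit RSA private key and export its public half.
# Only pub.pem has to be given to whoever verifies; no CA is involved.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/priv.pem" 2>/dev/null
openssl pkey -in "$work/priv.pem" -pubout -out "$work/pub.pem"

# sign_file <file> <sig-out>: SHA-256 digest signed with the private key.
sign_file() {
    openssl dgst -sha256 -sign "$work/priv.pem" -out "$2" "$1"
}

# verify_file <file> <sig>: exit status 0 only if the signature matches.
verify_file() {
    openssl dgst -sha256 -verify "$work/pub.pem" -signature "$2" "$1" \
        >/dev/null 2>&1
}

# sig_len <sig>: size of the raw signature in bytes.
sig_len() {
    wc -c < "$1" | tr -d ' '
}

printf 'flat text file to be signed\n' > "$work/msg.txt"
sign_file "$work/msg.txt" "$work/msg.sig"

# The signature is as long as the RSA modulus, not as long as the digest.
echo "signature: $(sig_len "$work/msg.sig") bytes (SHA-256 digest: 32 bytes)"

verify_file "$work/msg.txt" "$work/msg.sig" && echo "original file: verified"

# Any change to the signed file must make verification fail.
printf 'x' >> "$work/msg.txt"
verify_file "$work/msg.txt" "$work/msg.sig" || echo "modified file: rejected"
```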