Re: signing data
On 12.06.2013 14:57, Dr. Stephen Henson wrote:
> On Fri, Jun 07, 2013, Michael Wild wrote:
>> Thanks for all the answers. Now I feel really stupid about forgetting the implicit 0...
>>
>> Stephen: How do I prevent my program from hashing the data? EVP_md_null()? After all, hashing a hash is pretty pointless for my case...
>
> It depends on how you want to sign it. The data your program used is the hexdump of a digest and not the digest itself. You'd first need to convert that hex into the digest value and then use that digest for the signature.
>
> How you use that digest depends on the format you want to use. It's normal to follow the PKCS#1 standard, which packages the digest into a DigestInfo structure and uses RSA to sign the result.
>
> There are several ways to do that. The easiest is to use the EVP_PKEY API to set the digest algorithm and sign the result. You can use the corresponding utility pkeyutl to do the same.
>
> Steve.

Thanks for the clarification. In that case it's probably easier for me to do the double-hashing. It's by no means performance critical or in any other way important.

Michael

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
signing data
Dear all,

I'm quite the noob in all things OpenSSL, and I'm struggling to get started with signing a piece of data. Here is a MWE that should illustrate the problem. It loads private.pem (an RSA private key I generated using `openssl genrsa -out private.pem 1024`), then tries to sign a piece of data (here, it is a SHA1 hash, but that's irrelevant) and then outputs the signature using base64 coding.

#include <openssl/bio.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <stdio.h>
#include <stdlib.h>

int main()
{
  // data to sign (the hexdump of a SHA1 digest, as a NUL-terminated C string)
  char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3";

  // init openssl
  OPENSSL_config(NULL);
  OpenSSL_add_all_digests();
  ERR_load_crypto_strings();

  // load private key for signing
  EVP_PKEY* prv_key = NULL;
  BIO* bio = BIO_new_file("./private.pem", "rt");
  if (!bio) abort();
  prv_key = PEM_read_bio_PrivateKey(bio, &prv_key, NULL, NULL);
  BIO_free(bio);
  if (!prv_key) abort();

  // sign data
  EVP_MD_CTX ctx;
  unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
  unsigned int s;
  EVP_MD_CTX_init(&ctx);
  if (!EVP_SignInit_ex(&ctx, EVP_sha1(), NULL)) abort();
  // note: sizeof(data) is 41 here, it counts the terminating NUL (the "implicit 0"
  // the reply above refers to), so 41 bytes are hashed rather than the 40 hex characters
  if (!EVP_SignUpdate(&ctx, data, sizeof(data))) abort();
  if (!EVP_SignFinal(&ctx, sign, &s, prv_key)) abort();
  EVP_MD_CTX_cleanup(&ctx);

  // create base64 encoded output of the signature
  BIO* b64 = BIO_new(BIO_f_base64());
  BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
  bstdout = BIO_push(b64, bstdout);
  BIO_write(bstdout, sign, s);
  BIO_flush(bstdout);
  BIO_free_all(bstdout);

  // cleanup
  free(sign);
  EVP_PKEY_free(prv_key);
  ERR_remove_state(0);
  ERR_free_strings();
  EVP_cleanup();
  CONF_modules_free();
  CRYPTO_cleanup_all_ex_data();
  return 0;
}

Using this program I get the following output:

enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL
C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB
1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA=

However, when using the rsautl utility as follows, the result is different:

$ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \
    openssl rsautl -sign -inkey ./private.pem | \
    openssl enc -base64
FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG
RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh
170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4=

Am I missing something? AFAIK the default digest is SHA1, but I also tried playing around with others (MD5, SHA256) and EVP_PKEY_get_default_digest(), but still the result was different from the one obtained with rsautl.

Any help would be greatly appreciated.

Michael
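The two signatures in this thread differ because two different byte strings reach the RSA private-key operation: EVP_SignFinal hashes its input with SHA1 and wraps the 20-byte digest in a PKCS#1 DigestInfo before padding, while `rsautl -sign` pads whatever bytes it is given with no hash and no DigestInfo; on top of that, the program's `sizeof(data)` hashes 41 bytes (the trailing NUL included) where `printf` sends 40. The following is an added example for this thread, not code from the thread, from the poster or from OpenSSL. It rebuilds those blocks in pure Python and signs them with a toy RSA key so the difference is visible without a private.pem; every name in it (HEXDUMP, evp_sign_block, rsautl_sign_block, pkeyutl_digest_block, toy_rsa_keypair and the rest) is the example's own, and the key generator is a demonstration stand-in for `openssl genrsa`, not a substitute for it.

```python
"""Added example for the signing-data thread above, not code from the thread or from
OpenSSL: a pure-Python reconstruction of the block each approach hands to the RSA
private-key operation, so the differing signatures can be explained. All names are
this example's own; the toy key generator is for demonstration only."""
import hashlib
import secrets

# Poster's input, copied from the thread: the hexdump of a SHA-1 digest. As a C string
# literal it ends in a NUL, and sizeof(data) counts that NUL (the "implicit 0").
HEXDUMP = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3"
HEXDUMP_ASCII = HEXDUMP.encode("ascii")      # 40 bytes: what printf piped into rsautl
HEXDUMP_ASCII_NUL = HEXDUMP_ASCII + b"\x00"  # 41 bytes: what sizeof(data) fed to EVP_SignUpdate
RAW_DIGEST = bytes.fromhex(HEXDUMP)          # 20 bytes: the digest value itself

# DER prefix of DigestInfo for SHA-1, from PKCS#1 v1.5 (RFC 3447, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def pkcs1_type1_pad(payload: bytes, k: int) -> bytes:
    """Block type 1 (00 01 FF..FF 00 || payload) for a k-byte modulus. This is all
    that `openssl rsautl -sign` does to its input before the RSA operation."""
    if len(payload) > k - 11:
        raise ValueError("payload does not fit in the modulus")
    return b"\x00\x01" + b"\xff" * (k - len(payload) - 3) + b"\x00" + payload

def padded_payload(block: bytes) -> bytes:
    """Inverse of pkcs1_type1_pad: the bytes after the 00 that ends the FF run."""
    if block[:2] != b"\x00\x01":
        raise ValueError("not a type 1 block")
    return block.split(b"\x00", 2)[2]

def sha1_digest_info(digest: bytes) -> bytes:
    """DER DigestInfo { sha1 AlgorithmIdentifier, OCTET STRING digest }."""
    if len(digest) != 20:
        raise ValueError("not a SHA-1 digest")
    return SHA1_DIGESTINFO_PREFIX + digest

def evp_sign_block(data: bytes, k: int) -> bytes:
    """What EVP_SignInit/Update/Final(EVP_sha1) with an RSA key signs: SHA-1 of the
    data, wrapped in DigestInfo, then type 1 padding."""
    return pkcs1_type1_pad(sha1_digest_info(hashlib.sha1(data).digest()), k)

def rsautl_sign_block(data: bytes, k: int) -> bytes:
    """What `openssl rsautl -sign` signs: the input as given, no hash, no DigestInfo."""
    return pkcs1_type1_pad(data, k)

def pkeyutl_digest_block(digest: bytes, k: int) -> bytes:
    """What `openssl pkeyutl -sign -pkeyopt digest:sha1` signs when given a precomputed
    digest: DigestInfo around that digest, then padding (the route the reply suggests)."""
    return pkcs1_type1_pad(sha1_digest_info(digest), k)

def _probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin, adequate for a demonstration key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_rsa_keypair(bits: int = 1024, e: int = 65537):
    """Returns (n, e, d). Toy generator; use `openssl genrsa` for real keys."""
    def prime(b: int) -> int:
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if c % e != 1 and _probable_prime(c):
                return c
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def rsa_sign_block(block: bytes, n: int, d: int) -> bytes:
    """RSASP1 over an encoded block. v1.5 signing is deterministic: different blocks
    give different signatures, equal blocks give equal ones."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(k, "big")

def rsa_recover_block(sig: bytes, n: int, e: int) -> bytes:
    """RSAVP1: the block a verifier sees before it checks padding and DigestInfo."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")

if __name__ == "__main__":
    n, e, d = toy_rsa_keypair()
    k = (n.bit_length() + 7) // 8
    cases = [("EVP_Sign, sizeof (41 bytes)", evp_sign_block(HEXDUMP_ASCII_NUL, k)),
             ("EVP_Sign, strlen (40 bytes)", evp_sign_block(HEXDUMP_ASCII, k)),
             ("rsautl -sign, 40 ASCII bytes", rsautl_sign_block(HEXDUMP_ASCII, k)),
             ("pkeyutl digest:sha1, 20 raw bytes", pkeyutl_digest_block(RAW_DIGEST, k))]
    for name, block in cases:
        sig = rsa_sign_block(block, n, d)
        print("%-36s payload %2d bytes, signature %s..." % (name, len(padded_payload(block)), sig[:8].hex()))
```

Running it prints four different signatures from the same key: the rsautl payload is the 40 ASCII characters, the program's payload is a 35-byte DigestInfo (15-byte DER prefix plus a 20-byte SHA-1), and the program's SHA-1 is over 41 bytes rather than 40, so even the two EVP_Sign rows disagree. The approach Steve describes corresponds to the last row: convert the hex to the 20 raw bytes and sign them through the PKCS#1 DigestInfo path, which is what `openssl pkeyutl -sign -inkey private.pem -pkeyopt digest:sha1` does when fed the binary digest (and what `openssl dgst -sha1 -sign private.pem` does when fed the original data). A verifier that expects the DigestInfo form, such as RSA_verify or EVP_VerifyFinal, recovers the block with the public key and rejects the rsautl signature because no DigestInfo follows the padding.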
Signature of EVP_DigestVerifyFinal()
Dear all,

I'm a total OpenSSL newbie, so please be kind. While writing my C++ program, I stumbled over the somewhat strange signature of EVP_DigestVerifyFinal:

int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);

I'm pretty sure that the second argument (sig) should actually be of type const unsigned char*. I come to this conclusion since the EVP_DigestVerifyFinal() function only calls EVP_PKEY_verify() and the EVP_MD_CTX::pctx::pmeth::verifyctx function pointer which is set via EVP_PKEY_meth_set_verifyctx(). Both of those functions take a const unsigned char* argument, so there is simply no point in having the sig argument to EVP_DigestVerifyFinal be modifiable.

Am I missing something here? I tried googling for this, but nothing useful turned up.

Michael