Re: signing data
On 12.06.2013 14:57, Dr. Stephen Henson wrote: On Fri, Jun 07, 2013, Michael Wild wrote: Thanks for all the answers. Now I feel really stupid about forgetting the implicit 0... Stephen: How do I prevent my program from hashing the data? EVP_md_null()? After all, hashing a hash is pretty pointless for my case... It depends on how you want to sign it. The data your program used is the hexdump of a digest and not the digest itself. You'd first need to convert that hex into the digest value and then use that digest for the signature. How you use that digest depends on the format you want to use. It's normal follow the PKCS#1 standard which packages the digest into a DigestInfo structure and uses RSA to sign the result. There are several ways to do that. The easiest is to use the EVP_PKEY API to set the digest algorithm and sign the result. You can use the corresponding utility pkeyutl to do the same. Steve. Thanks for the clarification. In that case it's probably easier for me to do the double-hashing. It's by no means performance critical or in any other way important. Michael __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
signing data
Dear all
I'm quite the noob in all things OpenSSL, and I'm struggling getting
started with signing a piece of data.
Here a MWE that should illustrate the problem. It loads private.pem (a
RSA private key I generated using `openssl genrsa -out private.pem
1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
but that's irrelevant) and then outputs the signature using base64 coding.
#include openssl/bio.h
#include openssl/conf.h
#include openssl/evp.h
#include openssl/pem.h
#include openssl/err.h
int main()
{
// data to sign
char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3;
// init openssl
OPENSSL_config(NULL);
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
// load private key for signing
EVP_PKEY* prv_key = NULL;
BIO* bio = BIO_new_file(./private.pem, rt);
prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL);
BIO_free(bio);
// sign data
EVP_MD_CTX ctx;
unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
unsigned int s;
EVP_MD_CTX_init(ctx);
if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort();
if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort();
if (!EVP_SignFinal(ctx, sign, s, prv_key)) abort();
EVP_MD_CTX_cleanup(ctx);
// create base64 encoded output of the signature
BIO* b64 = BIO_new(BIO_f_base64());
BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
bstdout = BIO_push(b64, bstdout);
BIO_write(bstdout, sign, s);
BIO_flush(bstdout);
BIO_free_all(bstdout);
// cleanup
free(sign);
ERR_remove_state(0);
ERR_free_strings();
EVP_cleanup();
CONF_modules_free();
CRYPTO_cleanup_all_ex_data();
}
Using this program I get the following output:
enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL
C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB
1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA=
However, when using the rsautl utility as follows, the result is different:
$ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \
openssl rsautl -sign -inkey ./private.pem | \
openssl enc -base64
FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG
RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh
170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4=
Am I missing something? AFAIK the default digest is SHA1, but I also
tried playing around with others (MD5, SHA256) and
EVP_PKEY_get_default_digest(), but still the result was different from
the one obtained with rsautl.
Any help would be greatly appreciated.
Michael
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Signature of EVP_DigestVerifyFinal()
Dear all I'm a total OpenSSL newbie, so please be kind. While writing my C++ program, I stumbled over the somewhat strange signature of EVP_DigestVerifyFinal: int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); I'm pretty sure that the second argument (sig) should actually be of type const unsigned char*. I come to this conclusion since the EVP_DigestVerifyFinal() function only calls EVP_PKEY_verify() and the EVP_MD_CTX::pctx::pmeth::verifyctx function pointer which is set via EVP_PKEY_meth_set_verifyctx(). Both of those functions take a const unsigned char* argument, so there is simply no point in having the sig argument to EVP_DigestVerifyFinal being modifiable. Am I missing something here? I tried googling for this, but nothing useful turned up. Michael __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Signature of EVP_DigestVerifyFinal()
Dear all I'm a total OpenSSL newbie, so please be kind. While writing my C++ program, I stumbled over the somewhat strange signature of EVP_DigestVerifyFinal: int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); I'm pretty sure that the second argument (sig) should actually be of type const unsigned char*. I come to this conclusion since the EVP_DigestVerifyFinal() function only calls EVP_PKEY_verify() and the EVP_MD_CTX::pctx::pmeth::verifyctx function pointer which is set via EVP_PKEY_meth_set_verifyctx(). Both of those functions take a const unsigned char* argument, so there is simply no point in having the sig argument to EVP_DigestVerifyFinal being modifiable. Am I missing something here? I tried googling for this, but nothing useful turned up. Michael __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
