Hi Stephen
Thanks a lot, that did the trick, the verify now returns ok.
Kind regards
Tim
On 03/18/2013 02:26 PM, Dr. Stephen Henson wrote:
On Mon, Mar 18, 2013, Tim Tassonis wrote:
Hi Erwann
What you have to do it hash your data, prepare an X509_SIG object, set
its "algor" to SHA1 (with NULL parameters), and fill the "digest" part
with your hash result. Then transform it into DER, and sign it with
CKM_RSA_PKCS mechanism.
Thanks a lot for the explanation. However, I can't find any
documentation about how to setup this X509_SIG object and then
transfer it into DER. The structure seems to look as follows:
typedef struct X509_sig_st
{
X509_ALGOR *algor;
ASN1_OCTET_STRING *digest;
} X509_SIG;
EVP_DigestFinal(&ctx,buf,&buf_len);
gives me a character buffer buf, containing the digest, but I seem
to have to encode this to ASN1_OCTET_STRING.
Can anybody quickly tell me the required functions or point me to an
example of how to do this?
Well you can use the ASN1 code for this but for a single digest you can just
manually prepend the necessary encoding. The fips code does this to avoid
having to include the ASN1 module. The relavant data is in
fips/rsa/fips_rsa_sign.c in any FIPS branch (and the master branch).
For example for SHA1 it is:
static const unsigned char sha1_bin[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05,
0x00, 0x04, 0x14
};
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
