Hello Mounir:
Agreed: your version appears cleaner and more to the point.
The EVP_* interfaces are not so easy to understand, but maybe
this is just me :-)
Thanks again for helping
-- Chev
On Fri, Jan 9, 2009 at 3:03 AM, Mounir IDRASSI mounir.idra...@idrix.net wrote:
As far as I know, it's
Hi Mounir:
Thanks a lot for the sample code, it answers all my questions!
Do you know if PSS is going to be part of the next release for RSA signatures?
Cheers
-- Chev
__
OpenSSL Project
Hi,
As far as I know, it's only supported in the 0.9.9 development tree
through the introduction of the new type EVP_PKEY_CTX and the new
functions EVP_PKEY_sign_init and EVP_PKEY_sign. Personally, I find it
simpler to implement this scheme using the low level primitives I showed
you in my
Dear all:
I have just implemented an RSA signature using openssl. What I observe
is that signing the same data (a SHA-256 hash) multiple times with the
same RSA key always yields the same signature. I thought the data to
be signed would be padded with random bits to avoid this. My search on
the
Hi,
RSA_sign only supports PKCS# 1 v1.5 padding which always gives the same
output for the same input data.
If you want to perfom a digital signature with PSS padding, you have to
pad the data yourself by calling RSA_padding_add_PKCS1_PSS and then call
RSA_private_encrypt on the padded output