> Pablo J. Royo wrote:
>
> Hi:
>
> I need to sign files with two different private keys (two
> signers).Files are quite big and I dont want to read the whole file
> each time a signer may sign, because the digest its the same for every
> one.
> So I�d like to call EVP_SignInit( ctx ), EVP_SignUpdate(ctx) (this as
> not EOF) ... only one time, and then issue a
> EVP_SignFinal(ctx,PrivateKey..) for each new sign.
> I�ve modified the demos/sign.c file to do this, but the second sign is
> never good, which I think is becuse something in the contex (ctx is a
> struct EVP_MD_CTX ) is beeing changed after the first sign process.
>
> Could I use a fresh copy of contex for each new EVP_SignFinal ?
> Is there any function to safely copy the contex for later use ?
> I�d like another solution, but...
You can currently copy a context for later use but this is strongly
discouraged because it is not guaranteed to work with things like
external crypto libraries.
There isn't a clean way using the EVP interface at present but you could
just generate the digest and sign it yourself using RSA_sign() or
DSA_sign() as many times as you need to.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
