I'm trying to use OpenSSL 1.0.1 Beta2 to create a SHA-2 digest for a 256-byte-long file and generate a signature using an RSA 2048-bit private key. Unfortunately it fails. One of the examples on page http://www.openssl.org/docs/apps/pkeyutl.html# <http://www.openssl.org/docs/apps/pkeyutl.html> says:
Sign data using a message digest value (this is currently only valid for RSA): openssl pkeyutl -sign -in file.bin -inkey key.pem -out sig -pkeyopt digest:sha256 However, the result is: >openssl pkeyutl -sign -in infile.bin -inkey privatekey.pem -out sig.bin -pkeyopt digest:sha256 Loading 'screen' into random state - done Public Key operation error 2388:error:0408E08F:rsa routines:PKEY_RSA_SIGN:invalid digest length:.\crypto\rsa\rsa_pmeth.c:206: Again, infile.bin is 256 bytes long. (If I don't specify the digest, then of course I get a complaint about the input data's being too long.) Is the behavior broken, or have I overlooked something? Thanks, Paul ________________________________________________________________________ _____________________________ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com <mailto:paul.suh...@quantum.com> Preserving the World's Most Important Data. Yours.(tm) ---------------------------------------------------------------------- The information contained in this transmission may be confidential. Any disclosure, copying, or further distribution of confidential information is not permitted unless such privilege is explicitly granted in writing by Quantum. Quantum reserves the right to have electronic communications, including email and attachments, sent across its networks filtered through anti virus and spam software programs and retain such messages in order to comply with applicable data security and retention requirements. Quantum is not responsible for the proper and complete transmission of the substance of this communication or for any delay in its receipt.