On Tue, Mar 12, 2013, Leon Brits wrote: > > I am implementing a sign and verify function for RSA and DSA (for now just > RSA) using the EVP methods. In the manual it says this is the preferred > method. It all _works_ fine, but I have a requirement to support different > padding schemes: RSASSA-PKCS1.5 and RSASSA-PSS. I've searched for how to > change the padding scheme when I sign, but could not find how to do it the > "EVP way". >
You need OpenSSL 1.0.0 or later and the EVP_Digest*() API. You need to retrieve the EVP_PKEY_CTX uses and then set appropriate parameters using the EVP_PKEY_ctrl function. There are various macros defined to change the padding mode and parameters. So typically you'd call EVP_DigestSignInit(), get the associated context then call EVP_PKEY_CTX_set_rsa_padding() and optionally some other PSS parameters. See manual pages for more info. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
