On Friday 19 September 2003 15:28, Frank wrote: > What I've seen so far with openssl is that there seems to be 10,000 ways > to do the same thing so I want to make sure I understand how to do a DSA > signature. My questions are as follows: > > 1. Do you need a separte cert for signing RSA DSA? I created certs with > the following shell (create parms and ca cert in different steps): > > #! /bin/sh > openssl req -newkey dsa:dsa_param.pem -nodes -keyout $1_priv.pem -out > $1_req.pem > openssl ca -in $1_req.pem -out $1_cert.pem -policy policy_anything > -infiles < ca_in > > Now will a cert created this way be suitable for signing data with DSA > w/SHA1 hash?
You don't need a cert to sign something only the private key matters. > > 2. If it will, then how do I sogn the data using the dsa(3) functions > or will the EVP funtions I used for signing RSA work too (i.e see > nothign that was RSA specific). i.e. > EVP_SignInit(); > EVP_SignUpdate(); > EVP_SignFinal(); You can do it with both methods but using the EVP_Sign* API is recommened (and simpler). Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
