Now I'm wondering if I'm going about things correctly. Should I be using DSA to sign things? DSA seems to only support signing something of up to 20 bytes.
Right. You do DSA(SHA-1(data))
Don't use MD5; there are security concerns. DSA is much less common than RSA.
Anything else I should be looking for/at?
Given the cryptographic naivete of your questions, you are better off using standard mechanisms like PKCS#7; see apps/pkcs7.c, e.g.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]