Hi all,
Thank you very much for the reply. I was going through the man page of
RSA_sign(). It is indicating as follows...
If type is NID_md5_sha1, an SSL signature (MD5 and SHA1 message digests
with PKCS #1 padding and no algorithm identifier)
is created.
It means that Signature Algorithm is not used in RSA_sign(). If my
understanding is correct, can anyone please point out how to make
RSA_sign() do this job.
Regards
Suram
At 02:16 AM 5/25/2005, Nils Larsch wrote:
Suram Chandra Sekhar wrote:
Hi all,
I have a doubt regarding EMSA-PKCS1-v1_5 usage in OpenSSL.
My requirement is that I want to sign some data using a specific Hash
Algorithm (SHA1).
For this Iam trying to do the following steps instead of calling
rsa_sign() function directly.
1. Calculate SHA1 Hash on the data to be signed.
2. Call RSA_private_encrypt with RSA_PKCS1_PADDING.
As per the documentation, this corresponds to EMSA-PKCS1-v1_5 encoding
method.
I referred to section 9.2 of rfc 3447(Public-Key Cryptography Standards
(PKCS) #1: RSA Cryptography Specifications Version 2.1)
document which says the following
EM = 0x00 || 0x01 || PS || 0x00 || T.
where T for SHA1 is defined as
SHA-1: (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H.
(H is the Hash value from Step 1).
My specific question is
Is it expected that the input I pass to RSA_private_encrypt for
"from" MUST contain the HASH pre-pended with the hex value defined
or is there any function in OpenSSL which can be called to set this
value.
RSA_private_encrypt adds only the 0x00 || 0x01 || PS || 0x00 padding
(if padding == RSA_PKCS1_PADDING). If you want to let openssl do the
whole encoding/padding use RSA_sign or if you want to create the T
value manually you need to use i2d_X509_SIG, see RSA_sign.
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]