On Mon, Jul 31, 2006, k b wrote: > Thanks Stephens, > that worked. > i'm just curious what if one uses #>openssl rsautl -sign -inkey > ./private/cakey.pem -in plain.txt -out > signature.bin to create a signature, how would you verify it in a c. > essentially what i mean is can u pass null in 2nd argument to the > EVP_VerifyInit (&md_ctx, null); indicating there is no hashing algo to be > used. Is this right or is there some other way. >
No that wont work. You need to extract the RSA structure from the EVP_PKEY using EVP_PKEY_get1_RSA(). Then call RSA_public_decrypt() and compare the result to the contents of "plain.txt". There is a newer API where you can call EVP_PKEY_verify() directly from the EVP_PKEY structure but that's supported in 0.9.9 only. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
