Hello, > Currently I need to clarify what is the "NID_md5_sha1" is for? > I get a sort of successful results if I use either of "NID_md5", > "NID_sha1", "NID_ripemd160". But if I use "RSA_sign(NID_md5_sha1,...)" > it always fails, why? Ignore this, this is special case for SSL, not used in certificate stuff.
> Did I get the concept right - I need to obtain the message hash first > and feed it (the hash) to the "RSA_sign()", not the message itself? Yes. > I'm confused a bit reading the "man RSA_sign" - why "RSA_sign()" needs > to know which algorithm was used to produce a hash to be signed? Because X509 signature consists not simply encrypted by private key message digest (hash) but ASN1 structure called DigestInfo which has such information like message digest type. > A side note: is it very difficult to reconstruct the whole RSA object > if I know "*n", "*e" and "*d" elements? The "*n" and "*d" are 1024 > bits long. Yes :-). This is called factorization - find two prime numbers that n = p*q. > I noticed that if I use "RSA_3" in the "RSA_generate_key()" - the > "RSA_sign()" always fails with the substituted "*n" and "*d", while > with "*e" == "RSA_F4" it seems to "work". May I conclude that the > example CA's public key uses 65537 as it's public exponent? Yes and no, when signing, e number is not used so this should have no meaning to this process (but of course verify will not succeed) ... but, in OpenSSL RSA blinding is on by default and this process uses e number, I think that after disabling RSA blinding this e number will not give you errors (but of course this have no very big sense - just for test). But in general RSA blinding for "not online" usage may be disabled. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
