Hello, > >> I'm confused a bit reading the "man RSA_sign" - why "RSA_sign()" > >> needs to know which algorithm was used to produce a hash to be > >> signed? > > Because X509 signature consists not simply encrypted by private key > > message digest (hash) but ASN1 structure called DigestInfo which has > > such information like message digest type. > So, in my case - should the NID_md5|sha1|ripemd160 I feed to > RSA_sign() be the same as the actual hash algorithm used? Yes. This is compatible from algorithm specified in X509 certificate signatureAlgorithm (of course message digest "part"). For example in X509 signatureAlgorithm you may have sha1WithRSAEncription which means that you should decrypt signatureValue using RSA and after that you will have DigestInfo object with message digest OID sha1 and 20 bytes of real message digest value.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
