Julius, I'm a bit slow and a newbie, but this looks to me like a 28 byte string not 20? Can you explain please.
<ds:DigestValue> sXD2SsGQxI7DDFMwHwONxjGOaoI= </ds:DigestValue> also Goetz, > Doing digest and sign in two steps is very unusual. > Usually you process the digest and generate the signature > in one step. Unfortunately, I think I do need both the digest and the signature to stuff my xml message as in example attached in previous posts. Thank you both for your patience. David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julius Davies Sent: 26 February 2007 22:30 To: openssl-users@openssl.org Subject: Re: RSA-SHA1 Digest I think I finally understand. This isn't 28 bytes: <ds:DigestValue> sXD2SsGQxI7DDFMwHwONxjGOaoI= </ds:DigestValue> That's 20 bytes of base64 encoded bytes. So you really are using sha1. yours, Julius On 2/26/07, Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello David, > > WCR wrote: > > Julius > > > > You're probably pointing me in the right direction. > Not really. > > > I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte > > character string. My problem now is I can't use it in my xml message because > > of invalid characters. > > > > If I try "openssl enc -base64" the output is 40bytes. > > > > Is there another step I need to take to get a valid string? > > Doing digest and sign in two steps is very unusual. > Usually you process the digest and generate the signature > in one step. > > If you only want a raw base64 encoded signature (no PKCS#7) > You do the following: > > openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt > openssl enc -base64 -in sig.bin -out signature.b64 > > 1st step: digest and sign data > 2nd step: convert generated binary signature into base64 > With a 1024 bit RSA key the file is 175 bytes long (containing > 3 line feeds) > > In a program the first step is done with the functions > EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and > EVP_SignFinal() > > Bye > > Goetz > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org > > iD8DBQFF4yvP2iGqZUF3qPYRAus7AJ9sTTd9kSvDYMOLjL88da0Rm/G8pACcD7qR > zHll0H48SpOrutZJ036eycE= > =S40W > -----END PGP SIGNATURE----- > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
