Thank you, Steve, for the swift reply. Can I use i2d_X509_SIG to perform to encapsulation step (supposing I have to use RSA_private_encrypt)?
Best regards, Bob D. -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: donderdag 28 oktober 2010 12:32 To: openssl-users@openssl.org Subject: Re: rsa_sign versus RSA_private_encrypt On Thu, Oct 28, 2010, Bob Dijck wrote: > Hello, > > I am trying to implement a signing function in C++ using RSA. Here's how I > wanted to do this: - First I calculate the SHA1 hash (not using openssl but > another implementation). - But then what? Should I use RSA_private_encrypt > or rsa_sign? When I use RSA_private_encrypt the result is different from > when I use rsa_sign... The openssl support pages mention that in case of > RSA_PKCS1_PADDING (that's the one I use) I should use rsa_sign. Is there any > way around this? > > I thought that signing was a two step process: hash + RSA encryption of > hash. Am I doing something wrong? > The usual form of RSA signature is a three step process. Calculate hash, encapsulate hash in a DigestInfo structure, RSA private key encrypt the structure. If you use RSA_sign() all three steps are performed, for RSA_private_encrypt() the encapsulation is not performed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org This e-mail and any attachments contain material that is confidential for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
