On Thu, Oct 28, 2010, Bob Dijck wrote: > Thank you, Steve, for the swift reply. > Can I use i2d_X509_SIG to perform to encapsulation step (supposing I have to > use RSA_private_encrypt)? >
Well you can if you want but RSA_sign() does all that for you. There is an easier way: the encapsulation effectively prepends fixed data to the signature. The FIPS libraries use this technique to avoid having to drag in the whole ASN1 library. The prepended data depends on the digest type, you can get the required prefix from the file fips/rsa/fips_rsa_sign.c in OpenSSL 0.9.8. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
