On Tue, May 29, 2012, Naveen Nathan wrote: > Hi, > > I'm trying to understand the distinction between: > > EVP_DigestSign* and EVP_Sign*. I'm trying to understand how openssl > performs HMAC on the command line. It seems to use the EVP_DigestSign > with a key type EVP_PKEY* which stores a symmetric MAC key. > > Is EVP_DigestSign* specifically different so that MAC algorithms are > supported? >
The EVP_Sign* functions are much older and limited in some ways: for example the key to use is specified only after all data is digested. The EVP_Digest* functions are newer and more flexible. For example the public key parameters used for signing can be changed: e.g. to support PSS signing or as you noted MAC operations, including HMAC and CMAC. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
