> From: owner-openssl-us...@openssl.org On Behalf Of Patrick Herbst
> Sent: Thursday, 02 May, 2013 16:46

> I'd like to calculate a digest first, then sign/verify it after the
> SHA is generated. I thought I could do this by using
>
> >openssl dgst -sha256 -binary
>
> and then put those results through
>
> >openssl rsautl -sign
>
> But the results do not match those from
>
> >openssl dgst -sha256 -sign

The standard RSA signature scheme implemented by dgst -sign (and EVP_Sign*) doesn't RSA-sign just the hash; it RSA-signs (with padding, commonly PKCS#1, which both dgst -sign and rsautl -sign do by default but can be changed) a small ASN.1 structure called DigestInfo, which includes the OID of the hash algorithm along with the hash.

Since the hash length is (also) fixed for a given hash algorithm, so is the DER encoding of everything before the hash value, and you can find these fixed prefixes in lots of places. One convenient one is an openssl-fips tree in fips/rsa.fips_rsa_sign.c, which has everything in one source file to avoid bloating the FIPS 'canister' (and thus the test/validation effort) with openssl's flexible but large ASN.1 code.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
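The following is an added example, not part of the thread and not OpenSSL code: a pure-Python model of what the two commands compute, so the mismatch can be reproduced offline. `sign_rsautl_style` models `rsautl -sign` (PKCS#1 type 1 padding over whatever bytes it is given), `sign_dgst_style` models `dgst -sha256 -sign` (hash, wrap in DigestInfo, pad, sign), and `make_demo_key` is a hypothetical toy key generator included only so the script needs no key file. The 19-byte SHA-256 DigestInfo prefix is the one from RFC 8017 section 9.2.

```python
import hashlib
import hmac
import math
import random

# DER prefix of DigestInfo{sha256 OID, NULL} plus the OCTET STRING header for a
# 32-byte hash (RFC 8017 sec. 9.2, note 1). This is what dgst -sign puts in front of the hash.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info_sha256(digest: bytes) -> bytes:
    """The ASN.1 DigestInfo that is actually RSA-signed: prefix || hash."""
    if len(digest) != 32:
        raise ValueError("SHA-256 digest must be 32 bytes")
    return SHA256_DIGESTINFO_PREFIX + digest


def emsa_pkcs1_v15(t: bytes, em_len: int) -> bytes:
    """PKCS#1 v1.5 type 1 block: 0x00 0x01 PS(>=8 x 0xff) 0x00 T."""
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def rsa_private_op(em: bytes, n: int, d: int) -> bytes:
    """Textbook RSA on an already padded block; the last step of both commands."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(em, "big")
    if m >= n:
        raise ValueError("message representative out of range")
    return pow(m, d, n).to_bytes(k, "big")


def sign_rsautl_style(data: bytes, n: int, d: int) -> bytes:
    """Model of `rsautl -sign`: pad the given bytes (no DigestInfo added) and sign."""
    k = (n.bit_length() + 7) // 8
    return rsa_private_op(emsa_pkcs1_v15(data, k), n, d)


def sign_dgst_style(msg: bytes, n: int, d: int) -> bytes:
    """Model of `dgst -sha256 -sign`: hash, wrap in DigestInfo, then pad and sign."""
    return sign_rsautl_style(digest_info_sha256(hashlib.sha256(msg).digest()), n, d)


def verify_dgst_style(msg: bytes, sig: bytes, n: int, e: int) -> bool:
    """RSASSA-PKCS1-v1_5 verify: rebuild the expected block and compare it whole,
    in constant time, instead of parsing the recovered padding."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = emsa_pkcs1_v15(digest_info_sha256(hashlib.sha256(msg).digest()), k)
    return hmac.compare_digest(em, expected)


def _is_probable_prime(c: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin, demo quality only."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if c % p == 0:
            return c == p
    d, r = c - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, c - 1), d, c)
        if x in (1, c - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, c)
            if x == c - 1:
                break
        else:
            return False
    return True


def make_demo_key(bits: int = 1024, seed: int = 1):
    """Hypothetical helper: deterministic toy RSA key (n, e, d) so the example runs
    offline. Use `openssl genrsa` for anything real."""
    rng, e = random.Random(seed), 65537

    def gen_prime(nbits):
        while True:
            c = rng.getrandbits(nbits) | (1 << (nbits - 1)) | 1
            if _is_probable_prime(c, rng):
                return c

    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1 and (p * q).bit_length() == bits:
            return p * q, e, pow(e, -1, phi)


def demo() -> dict:
    """Reproduce the thread: raw hash through rsautl != dgst -sign; DigestInfo through rsautl == dgst -sign."""
    n, e, d = make_demo_key()
    msg = b"constructed sample message"  # constructed input
    h = hashlib.sha256(msg).digest()
    sig_dgst = sign_dgst_style(msg, n, d)
    sig_raw_hash = sign_rsautl_style(h, n, d)                      # the poster's first attempt
    sig_digestinfo = sign_rsautl_style(digest_info_sha256(h), n, d)  # with the prefix prepended
    return {
        "raw_hash_matches_dgst": sig_raw_hash == sig_dgst,
        "digestinfo_matches_dgst": sig_digestinfo == sig_dgst,
        "dgst_sig_verifies": verify_dgst_style(msg, sig_dgst, n, e),
        "raw_hash_sig_verifies": verify_dgst_style(msg, sig_raw_hash, n, e),
    }


if __name__ == "__main__":
    print(demo())
```

On the command line the same fix is to prepend those 19 prefix bytes to the output of `openssl dgst -sha256 -binary` before piping it into `openssl rsautl -sign`; with both commands left at their default PKCS#1 padding the result then matches `openssl dgst -sha256 -sign`. The verifier above deliberately rebuilds the whole encoded block and compares it in constant time rather than scanning the recovered padding for the hash, which is the check a practitioner should keep even when replacing the toy key with a real one.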