On 7 June 2013 07:06, Michael Wild <them...@users.sourceforge.net> wrote:

> Dear all
>
> I'm quite the noob in all things OpenSSL, and I'm struggling getting
> started with signing a piece of data.
>

The thing is that on the command line your data is subtly different from what
it is in your C program.  Hash algorithms are ruthless in this regard, and that's
why they are so useful ;)  See my comments inlined.


> Here is a MWE that should illustrate the problem. It loads "private.pem" (an
> RSA private key I generated using `openssl genrsa -out private.pem
> 1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
> but that's irrelevant) and then outputs the signature using base64 coding.
>
>   #include <openssl/bio.h>
>   #include <openssl/conf.h>
>   #include <openssl/evp.h>
>   #include <openssl/pem.h>
>   #include <openssl/err.h>
>   #include <stdlib.h>  /* malloc, abort */
>
>   int main()
>   {
>   // data to sign
>   char data[] = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3";
>

`data' includes the terminating '\0' implicitly


>
>   // init openssl
>   OPENSSL_config(NULL);
>   OpenSSL_add_all_digests();
>   ERR_load_crypto_strings();
>
>   // load private key for signing
>   EVP_PKEY* prv_key = NULL;
>   BIO* bio = BIO_new_file("./private.pem", "rt");
>   prv_key = PEM_read_bio_PrivateKey(bio, &prv_key, NULL, NULL);
>   BIO_free(bio);
>
>   // sign "data"
>   EVP_MD_CTX ctx;
>   unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
>   unsigned int s;
>
>   EVP_MD_CTX_init(&ctx);
>   if (!EVP_SignInit_ex(&ctx, EVP_sha1(), NULL)) abort();
>   if (!EVP_SignUpdate(&ctx, data, sizeof(data))) abort();
>

This should be either `sizeof(data) - 1' or `strlen(data)'

HTH,
Kris
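The mismatch Kris describes is a framing problem, not a key problem: RSA PKCS#1 v1.5 signing (which EVP_SignInit_ex with EVP_sha1() performs) is deterministic, so two signatures over the "same" string differ exactly when the digested bytes differ. The example below is added here and is not part of the thread; it uses Python's hashlib instead of the OpenSSL C API to make that point portable. The framing names and the diagnose() helper are my own construction; the sample string is the one the quoted program signs.

```python
import hashlib

# Constructed sample: the hex string the quoted C program signs.
DATA = "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3"


def framings(s: str) -> dict:
    """Return the byte strings a C string or a shell pipeline commonly turns
    a piece of text into.  Each one is a legitimate input to a hash; the
    trouble starts when two tools silently pick different ones."""
    raw = s.encode("ascii")
    return {
        # EVP_SignUpdate(&ctx, data, strlen(data)) or sizeof(data) - 1
        "exact": raw,
        # EVP_SignUpdate(&ctx, data, sizeof(data)) on a char[] literal
        "trailing NUL": raw + b"\x00",
        # echo "$DATA" | openssl dgst -sha1 -sign private.pem
        "trailing newline": raw + b"\n",
        # both mistakes at once, for completeness
        "trailing NUL and newline": raw + b"\x00\n",
    }


def sha1_hex(b: bytes) -> str:
    return hashlib.sha1(b).hexdigest()


def digests(s: str) -> dict:
    """SHA-1 of every framing of s, keyed by framing name."""
    return {name: sha1_hex(b) for name, b in framings(s).items()}


def diagnose(s: str, observed_hex: str):
    """Given a digest some tool actually produced over s, name the framing
    that explains it, or None if none of the usual suspects matches."""
    observed_hex = observed_hex.strip().lower()
    for name, d in digests(s).items():
        if d == observed_hex:
            return name
    return None


if __name__ == "__main__":
    # Print the table a practitioner would compare against
    # `printf '%s' "$DATA" | openssl dgst -sha1` and friends.
    for name, d in digests(DATA).items():
        print(f"{name:26s} {d}")
```

Run it, then compare the rows with what `openssl dgst -sha1 -sign` and the C program feed into RSA: the row that matches the C program's digest tells you which length argument it really used. Note that `echo` without `-n` appends a newline, so the shell side is just as easy to get wrong as the `sizeof` side.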
