RE: rsa_sign versus RSA_private_encrypt
Steve, Your advice is very much appreciated. Thanks again for resolving this issue for me so quickly. Kind regards, Bob D. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: donderdag 28 oktober 2010 14:31 To: openssl-users@openssl.org Subject: Re: rsa_sign versus RSA_private_encrypt On Thu, Oct 28, 2010, Bob Dijck wrote: > Thank you, Steve, for the swift reply. > Can I use i2d_X509_SIG to perform to encapsulation step (supposing I have to > use RSA_private_encrypt)? > Well you can if you want but RSA_sign() does all that for you. There is an easier way: the encapsulation effectively prepends fixed data to the signature. The FIPS libraries use this technique to avoid having to drag in the whole ASN1 library. The prepended data depends on the digest type, you can get the required prefix from the file fips/rsa/fips_rsa_sign.c in OpenSSL 0.9.8. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org This e-mail and any attachments contain material that is confidential for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: rsa_sign versus RSA_private_encrypt
owner-openssl-us...@openssl.org wrote on 10/28/2010 03:07:18 AM: > From: Bob Dijck > > I am trying to implement a signing function in C++ using RSA. > Here’s how I wanted to do this: > - First I calculate the SHA1 hash (not using openssl but another > implementation). > - But then what? Should I use RSA_private_encrypt or rsa_sign? > When I use RSA_private_encrypt the result is different from when I > use rsa_sign… The openssl support pages mention that in case of > RSA_PKCS1_PADDING (that’s the one I use) I should use rsa_sign. Is > there any way around this? > > I thought that signing was a two step process: hash + RSA encryption > of hash. Am I doing something wrong? There are two other steps. It's: - hash - prepend an OID - prepend a pad - RSA private key operation If you're application likes openssl's standard OID and pad, you can use rsa_sign. If not, you can do whatever you like.
Re: rsa_sign versus RSA_private_encrypt
On Thu, Oct 28, 2010, Bob Dijck wrote: > Thank you, Steve, for the swift reply. > Can I use i2d_X509_SIG to perform to encapsulation step (supposing I have to > use RSA_private_encrypt)? > Well you can if you want but RSA_sign() does all that for you. There is an easier way: the encapsulation effectively prepends fixed data to the signature. The FIPS libraries use this technique to avoid having to drag in the whole ASN1 library. The prepended data depends on the digest type, you can get the required prefix from the file fips/rsa/fips_rsa_sign.c in OpenSSL 0.9.8. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: rsa_sign versus RSA_private_encrypt
Thank you, Steve, for the swift reply. Can I use i2d_X509_SIG to perform to encapsulation step (supposing I have to use RSA_private_encrypt)? Best regards, Bob D. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: donderdag 28 oktober 2010 12:32 To: openssl-users@openssl.org Subject: Re: rsa_sign versus RSA_private_encrypt On Thu, Oct 28, 2010, Bob Dijck wrote: > Hello, > > I am trying to implement a signing function in C++ using RSA. Here's how I > wanted to do this: - First I calculate the SHA1 hash (not using openssl but > another implementation). - But then what? Should I use RSA_private_encrypt > or rsa_sign? When I use RSA_private_encrypt the result is different from > when I use rsa_sign... The openssl support pages mention that in case of > RSA_PKCS1_PADDING (that's the one I use) I should use rsa_sign. Is there any > way around this? > > I thought that signing was a two step process: hash + RSA encryption of > hash. Am I doing something wrong? > The usual form of RSA signature is a three step process. Calculate hash, encapsulate hash in a DigestInfo structure, RSA private key encrypt the structure. If you use RSA_sign() all three steps are performed, for RSA_private_encrypt() the encapsulation is not performed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org This e-mail and any attachments contain material that is confidential for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: rsa_sign versus RSA_private_encrypt
On Thu, Oct 28, 2010, Bob Dijck wrote: > Hello, > > I am trying to implement a signing function in C++ using RSA. Here's how I > wanted to do this: - First I calculate the SHA1 hash (not using openssl but > another implementation). - But then what? Should I use RSA_private_encrypt > or rsa_sign? When I use RSA_private_encrypt the result is different from > when I use rsa_sign... The openssl support pages mention that in case of > RSA_PKCS1_PADDING (that's the one I use) I should use rsa_sign. Is there any > way around this? > > I thought that signing was a two step process: hash + RSA encryption of > hash. Am I doing something wrong? > The usual form of RSA signature is a three step process. Calculate hash, encapsulate hash in a DigestInfo structure, RSA private key encrypt the structure. If you use RSA_sign() all three steps are performed, for RSA_private_encrypt() the encapsulation is not performed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
rsa_sign versus RSA_private_encrypt
Hello, I am trying to implement a signing function in C++ using RSA. Here's how I wanted to do this: - First I calculate the SHA1 hash (not using openssl but another implementation). - But then what? Should I use RSA_private_encrypt or rsa_sign? When I use RSA_private_encrypt the result is different from when I use rsa_sign... The openssl support pages mention that in case of RSA_PKCS1_PADDING (that's the one I use) I should use rsa_sign. Is there any way around this? I thought that signing was a two step process: hash + RSA encryption of hash. Am I doing something wrong? Thanks. Regards, Bob D. This e-mail and any attachments contain material that is confidential for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.