I am not sure why the code you have shared is trying to decrypt the
signature.
If it is done as part of signature verification, don't do this. Use
the actual EVP_PKEY_verify API with corresponding public key.
If you certainly need the decrypted signature, you should do public
encryption with NONE
Yeah, it sounds correct. But since it’s an old application code & we are not
sure why was it done so, we are little worried to change.
Can you please take a look the attachment which has the complete flow, and
provide your views which helps us to change it to PEM_read_PrivateKey() or
variants a
Isn't it obvious to use PEM_read_PrivateKey() or variants to load the
private key as EVP_PKEY
and use EVP_PKEY_decrypt* as specified in
https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_decrypt.html ?
Thanks,
Thulasi.
On Fri, 29 Jan 2021 at 16:59, Narayana, Sunil Kumar
wrote:
> Hi Thulasi,
>
Hi Thulasi,
Currently in (1.0.1) we are following the following sequence, which now need to
replace with EVP.
Current sequence
//to create RSA pubkey
rsa = PEM_read_bio_RSA_PUBKEY(keybio, NULL, NULL, NULL); // !!!
//to decrypt using RSA utility
RSA_public_decrypt(len, (unsigned char*)buffer,d