Nils,
Humm I tried this and got a error during signing
1436:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
public key typ
e:p_sign.c:101:
The private key I used was one read in when I generated a DSA
certficate. the headers say DSA
Any thoughts? Same routine I used for signing with RSA certs
Thanks,
Frank
Nils Larsch wrote:
On Friday 19 September 2003 15:28, Frank wrote:
What I've seen so far with openssl is that there seems to be 10,000 ways
to do the same thing so I want to make sure I understand how to do a DSA
signature. My questions are as follows:
1. Do you need a separte cert for signing RSA DSA? I created certs with
the following shell (create parms and ca cert in different steps):
#! /bin/sh
openssl req -newkey dsa:dsa_param.pem -nodes -keyout $1_priv.pem -out
$1_req.pem
openssl ca -in $1_req.pem -out $1_cert.pem -policy policy_anything
-infiles < ca_in
Now will a cert created this way be suitable for signing data with DSA
w/SHA1 hash?
You don't need a cert to sign something only the private key matters.
2. If it will, then how do I sogn the data using the dsa(3) functions
or will the EVP funtions I used for signing RSA work too (i.e see
nothign that was RSA specific). i.e.
EVP_SignInit();
EVP_SignUpdate();
EVP_SignFinal();
You can do it with both methods but using the EVP_Sign* API is
recommened (and simpler).
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
|
