> Date: Tue, 24 May 2005 22:46:57 +0200
> From: Nils Larsch <[EMAIL PROTECTED]>
> 
> Suram Chandra Sekhar wrote:
> > Hi all,
> > I have a doubt regarding EMSA-PKCS1-v1_5 usage in OpenSSL.
> > 
> > My requirement is that I want to sign some data using a specific Hash 
> > Algorithm (SHA1).
> > 
> > For this I am trying to do the following steps instead of calling 
> > rsa_sign() function directly.
> > 
> > 1. Calculate SHA1 Hash on the data to be signed.
> > 2. Call RSA_private_encrypt with RSA_PKCS1_PADDING.
> > 
> > As per the documentation, this corresponds to EMSA-PKCS1-v1_5 encoding 
> > method.
> > 
> > I referred to section 9.2 of RFC 3447 (Public-Key Cryptography Standards 
> > (PKCS) #1: RSA Cryptography Specifications Version 2.1)
> > document which says the following
> > 
> >          EM = 0x00 || 0x01 || PS || 0x00 || T.
> > 
> > where T  for SHA1 is defined as
> > 
> >       SHA-1:   (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H.
> > (H is the Hash value from Step 1).
> > 
> > My specific question is
> > 
> >     Is it expected that the input I pass to RSA_private_encrypt for 
> > "from" MUST contain the HASH pre-pended with the hex value defined
> >     or is there any function in OpenSSL which can be called to set this 
> > value.
> 
> RSA_private_encrypt adds only the 0x00 || 0x01 || PS || 0x00 padding
> (if padding == RSA_PKCS1_PADDING). If you want to let openssl do the
> whole encoding/padding use RSA_sign or if you want to create the T
> value manually you need to use i2d_X509_SIG, see RSA_sign.

Correct me if I'm wrong (I'm sure someone will!), but I believe that 
signing should use RSA_private_decrypt().

-- 
Ken Goldman   [EMAIL PROTECTED]   914-784-7646
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
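
The encoding discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: it builds T and the full EM of RFC 3447 section 9.2 for SHA-1 with Python's standard library, so the bytes the quoted reply says RSA_private_encrypt does not add can be inspected. The function names and the "abc" sample input are assumptions made for illustration; the RSA operation itself is not performed.

```python
import hashlib

# DER prefix of the SHA-1 DigestInfo, as quoted in the thread from RFC 3447 section 9.2.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info_sha1(message: bytes) -> bytes:
    """T = prefix || H: the 35 bytes a caller of the raw padding primitive must build."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T, where em_len is the modulus size in bytes."""
    t = digest_info_sha1(message)
    # RFC 3447 requires emLen >= tLen + 11, i.e. PS is at least 8 octets of 0xff.
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def em_matches(message: bytes, recovered_em: bytes) -> bool:
    """Verifier side (RFC 3447 section 8.2.2): rebuild EM and compare it whole,
    instead of parsing the padding out of the recovered block."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(recovered_em))
    except ValueError:
        return False
    return expected == recovered_em


if __name__ == "__main__":
    msg = b"abc"                      # constructed sample input
    t = digest_info_sha1(msg)
    em = emsa_pkcs1_v15_encode(msg, 128)   # 128 bytes = 1024-bit modulus
    print("T  (%d bytes): %s" % (len(t), t.hex()))
    print("EM (%d bytes): %s" % (len(em), em.hex()))
    # A bare 20-byte hash in place of T yields a block the check rejects.
    bare = b"\x00\x01" + b"\xff" * 105 + b"\x00" + hashlib.sha1(msg).digest()
    print("full DigestInfo accepted:", em_matches(msg, em))
    print("bare hash accepted:      ", em_matches(msg, bare))
```

The last two lines of output show why the DigestInfo prefix matters: a block padded around the bare hash has the right length and padding bytes but does not equal the expected EM.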
