Ken, think of it this way:

1. To send a message for only a specific person to read you want to make it decryptable with their private key, thus encrypting with their public key.
2. For a signature, the world needs to be able to verify it, so it needs to be decryptable with the public key, and thus encrypted with the private key.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nils Larsch
Sent: Wednesday, 25 May 2005 7:22 AM
To: openssl-users@openssl.org
Subject: Re: Doubt regarding EMSA-PKCS1-v1_5

Ken Goldman wrote:
...
>>RSA_private_encrypt adds only the 0x00 || 0x01 || PS || 0x00 padding
>>(if padding == RSA_PKCS1_PADDING). If you want to let openssl do the
>>whole encoding/padding use RSA_sign or if you want to create the T
>>value manually you need to use i2d_X509_SIG, see RSA_sign.
>
>
> Correct me if I'm wrong (I'm sure someone will!), but I believe that
> signing should use RSA_private_decrypt().

no, RSA_private_decrypt and RSA_public_encrypt are used for asymmetric
encryption whereas RSA_private_encrypt and RSA_public_decrypt correspond
to RSA_sign and RSA_verify.

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
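
Added example, not part of the thread and not OpenSSL code: a pure-Python sketch of the split discussed above, where the padding step adds only 0x00 || 0x01 || PS || 0x00 and the caller (or a full signing routine) supplies T as a DigestInfo. The function names, the SHA-256 choice and the demo key built from two Mersenne primes are assumptions made for illustration.

```python
import hashlib
import hmac

# DER header of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key from two Mersenne primes: shows the encoding, useless as a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def type1_pad(t: bytes, k: int = K) -> bytes:
    """0x00 || 0x01 || PS || 0x00 || T: the only part the padding step adds."""
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this T")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def digest_info(msg: bytes) -> bytes:
    """T = DER(DigestInfo): what the caller must build when padding by hand."""
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()


def private_op(em: bytes) -> bytes:
    """Raw RSA with the private exponent over an already padded block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def sign(msg: bytes) -> bytes:
    """Full EMSA-PKCS1-v1_5 signature: DigestInfo, then padding, then private op."""
    return private_op(type1_pad(digest_info(msg)))


def sign_padding_only(msg: bytes) -> bytes:
    """Pads the bare hash with no DigestInfo: not a valid PKCS#1 v1.5 signature."""
    return private_op(type1_pad(hashlib.sha256(msg).digest()))


def verify(msg: bytes, sig: bytes) -> bool:
    """Public op, then compare with a freshly built encoding (EM is never parsed)."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(em, type1_pad(digest_info(msg)))
```

The verifier rebuilds the expected encoded message and compares whole blocks, so a signature made over the padded bare hash is rejected even though the private-key operation itself succeeded.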