Julius You're probably pointing me in the right direction.
I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte character string. My problem now is I can't use it in my xml message because of invalid characters. If I try "openssl enc -base64" the output is 40bytes. Is there another step I need to take to get a valid string? Thank you for your time. David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julius Davies Sent: 26 February 2007 13:54 To: openssl-users@openssl.org Subject: Re: RSA-SHA1 Digest The 40 bytes you're seeing might actually be 20 bytes: 9699dc843a1608b4 That's 8 bytes, not 16. If all the examples you've seen produce 28 byte digests, they are probably using sha224. $ echo "28 * 8" | bc 224 :-) Try using "openssl dgst -sha224" instead of sha1. yours, Julius On 2/26/07, WCR <[EMAIL PROTECTED]> wrote: > Hi Julius > > Thank you for your prompt reply. I hope you can help me, I'll try to > explain it better. > > I need to generate a soap envelope, see a correct example attached. Example > message has been provided by the service provider along with a digital > certificate in pkcs#12 file 10698.p12 also attached. > > This is what I'm doing: > > First: Convert 10698.p12 to 10698.pem > openssl pkcs12 -in 10698.p12 -out 10698.pem -passin file:10698.psw -nodes > Then I can stuff my message with the X509Token. So far so good. > > Next: I create a digest of my data object #MsgBody. The input to the SHA1 > digest function is the text between and including the two elements: > > <EdiCustomsDeclaration .....> </EdiCustomsDeclaration> see attached example. > > I have tried both: > openssl dgst -sha1 mydata.txt > mydigest.out > - and - > openssl dgst -sha1 -key 10698.pem mydata.txt > mydigest.out > > No matter what text is input, the result is always 40 bytes long. In all > examples given to me, they are always 28 bytes long. I thought at first it > was because I had not used the -key 10698.pem in the first command line, but > both results were the same. > > The next step is to sign it. The signature lengths vary so no problem there > yet, but my digest should be 28 bytes not 40 bytes. > > I must be missing something or perhaps I need a holiday. > Any suggestions, even holiday ones, would be appreciated :-) > > David > > > -- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
