I think I finally understand. This isn't 28 bytes:

<ds:DigestValue> sXD2SsGQxI7DDFMwHwONxjGOaoI= </ds:DigestValue>

That's 20 bytes of base64 encoded bytes. So you really are using sha1.

yours,

Julius

On 2/26/07, Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote:
Hello David,

WCR wrote:
> Julius
>
> You're probably pointing me in the right direction.

Not really.

> I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte
> character string. My problem now is I can't use it in my xml message because
> of invalid characters.
>
> If I try "openssl enc -base64" the output is 40bytes.
>
> Is there another step I need to take to get a valid string?

Doing digest and sign in two steps is very unusual.
Usually you process the digest and generate the signature in one step.

If you only want a raw base64 encoded signature (no PKCS#7)
You do the following:

openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt
openssl enc -base64 -in sig.bin -out signature.b64

1st step: digest and sign data
2nd step: convert generated binary signature into base64

With a 1024 bit RSA key the file is 175 bytes long (containing 3 line feeds)

In a program the first step is done with the functions
EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and EVP_SignFinal()

Bye

Goetz

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
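
Added example, not part of the original messages: a Python check of the length arithmetic in this thread (raw, hex and base64 digest sizes, and the 175-byte signature file). The function names are hypothetical, the algorithm is guessed from digest size alone, and the 64-character line width is the wrapping `openssl enc -base64` applies.

```python
import base64
import hashlib

# Raw digest sizes in bytes. A size only suggests an algorithm: other hashes
# share these lengths, so treat the name as a hint, not proof.
DIGEST_SIZES = {20: "sha1", 28: "sha224", 32: "sha256", 48: "sha384", 64: "sha512"}


def identify_digest(digest_value_b64):
    """Decode a DigestValue and return (raw length, algorithm suggested by length)."""
    raw = base64.b64decode(digest_value_b64.strip(), validate=True)
    return len(raw), DIGEST_SIZES.get(len(raw), "unknown")


def digest_value(data, algorithm):
    """Base64 of the raw digest bytes, which is text that is safe to place in XML."""
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")


def encoded_lengths(algorithm, data=b"constructed sample input"):
    """Return (raw bytes, hex characters, base64 characters) for one digest."""
    h = hashlib.new(algorithm, data)
    return len(h.digest()), len(h.hexdigest()), len(base64.b64encode(h.digest()))


def wrapped_base64_length(raw_len, line_width=64):
    """Size of base64 output wrapped at line_width, one line feed per line."""
    chars = 4 * ((raw_len + 2) // 3)                 # base64 expands 3 bytes to 4 chars
    lines = (chars + line_width - 1) // line_width   # ceiling division
    return chars + lines


if __name__ == "__main__":
    # The DigestValue quoted in the thread: 28 base64 characters, 20 raw bytes.
    print(identify_digest(" sXD2SsGQxI7DDFMwHwONxjGOaoI= "))
    # SHA-224: 28 raw bytes, 56 hex characters, 40 base64 characters.
    print(encoded_lengths("sha224"))
    # SHA-1: 20 raw bytes, 40 hex characters, 28 base64 characters.
    print(encoded_lengths("sha1"))
    # A 1024-bit RSA signature is 128 bytes: 172 base64 chars plus 3 line feeds.
    print(wrapped_base64_length(128))
    # Constructed input, round trip: a SHA-224 DigestValue decodes to 28 bytes.
    print(identify_digest(digest_value(b"constructed sample input", "sha224")))
```

The number 40 shows up twice: it is both the hex length of a SHA-1 digest and the base64 length of a SHA-224 digest, so a character count alone does not settle which algorithm produced a value until the encoding is known.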