If you take the data inside here and base64 decode it, you end up with 20 bytes.
<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

$ echo 'sXD2SsGQxI7DDFMwHwONxjGOaoI=' | openssl base64 -d | hexdump -C
00000000 b1 70 f6 4a c1 90 c4 8e c3 0c 53 30 1f 03 8d c6
00000010 31 8e 6a 82

The result is twenty bytes - you can count them. :-)

b1 70 f6 4a c1 90 c4 8e c3 0c 53 30 1f 03 8d c6 31 8e 6a 82

yours,

Julius

On 2/27/07, WCR <[EMAIL PROTECTED]> wrote:
Julius,

I'm a bit slow and a newbie, but this looks to me like a 28 byte string not 20? Can you explain please.

<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

also Goetz,

> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.

Unfortunately, I think I do need both the digest and the signature to stuff my xml message as in example attached in previous posts.

Thank you both for your patience.

David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julius Davies
Sent: 26 February 2007 22:30
To: openssl-users@openssl.org
Subject: Re: RSA-SHA1 Digest

I think I finally understand. This isn't 28 bytes:

<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

That's 20 bytes of base64 encoded bytes. So you really are using sha1.

yours,

Julius

On 2/26/07, Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello David,
>
> WCR wrote:
> > Julius
> >
> > You're probably pointing me in the right direction.
> Not really.
>
> > I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte
> > character string. My problem now is I can't use it in my xml message because
> > of invalid characters.
> >
> > If I try "openssl enc -base64" the output is 40bytes.
> >
> > Is there another step I need to take to get a valid string?
>
> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.
>
> If you only want a raw base64 encoded signature (no PKCS#7)
> You do the following:
>
> openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt
> openssl enc -base64 -in sig.bin -out signature.b64
>
> 1st step: digest and sign data
> 2nd step: convert generated binary signature into base64
> With a 1024 bit RSA key the file is 175 bytes long (containing
> 3 line feeds)
>
> In a program the first step is done with the functions
> EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and
> EVP_SignFinal()
>
> Bye
>
> Goetz
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFF4yvP2iGqZUF3qPYRAus7AJ9sTTd9kSvDYMOLjL88da0Rm/G8pACcD7qR
> zHll0H48SpOrutZJ036eycE=
> =S40W
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
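
The length arithmetic behind this thread, as an added example that is not code from any of the posters or from OpenSSL: it decodes the quoted DigestValue, checks the 28-character, 40-character and 175-byte figures mentioned above, and shows why base64 of a hex digest string comes out too long. The function names and the sample payload are assumptions made for illustration.

```python
import base64
import binascii
import hashlib

# Raw digest sizes in bytes for the hashes named in the thread (plus SHA-256).
DIGEST_SIZES = {hashlib.new(n).digest_size: n for n in ("sha1", "sha224", "sha256")}


def b64_chars(n_bytes):
    """Base64 length, '=' padding included, for n_bytes of input: 4 * ceil(n / 3)."""
    return 4 * ((n_bytes + 2) // 3)


def enc_base64_file_size(n_bytes, line_len=64):
    """Size of `openssl enc -base64` output: text wrapped at 64 columns,
    with one line feed after every line, including the last."""
    chars = b64_chars(n_bytes)
    lines = (chars + line_len - 1) // line_len
    return chars + lines


def inspect_digest_value(text):
    """Decode a <ds:DigestValue> body; return (raw_length, hex, hash_guess)."""
    compact = "".join(text.split())  # whitespace around the value is not data
    try:
        raw = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    return len(raw), raw.hex(), DIGEST_SIZES.get(len(raw), "unknown")


def digest_value(data, algorithm="sha1"):
    """DigestValue text for data: base64 of the raw digest, not of its hex form."""
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")


if __name__ == "__main__":
    # The value quoted in the thread: 28 characters, 20 bytes, SHA-1 sized.
    print(inspect_digest_value(" sXD2SsGQxI7DDFMwHwONxjGOaoI= "))
    sample = b"constructed sample payload"  # constructed input, not from the thread
    print(digest_value(sample), len(digest_value(sample)))
    # Pitfall: encoding the 40-character hex string gives 56 characters, not 28.
    hex_form = hashlib.sha1(sample).hexdigest().encode("ascii")
    print(len(base64.b64encode(hex_form)))
    # A 1024-bit RSA signature is 128 bytes: 172 characters plus 3 line feeds.
    print(enc_base64_file_size(128))
```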