Well in this case I'm signing blah but I'm really trying to sign a base64 string. I'm just trying to use sign/verify to ensure that what was sent (a base64 encoded message that's maybe 1024 chars long max) is real
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Saturday, November 22, 2008 1:45 PM To: openssl-users@openssl.org Subject: Re: sign/verify kicking my ass On Sat, Nov 22, 2008, Shaun R. wrote: > Can anybody help me out, not sure whats going wrong. My test case right > now is the following > > gcc sign.c -o sign -lcrypto > gcc verify.c -o verify -lcrypto > ./sign > blah.sig > ./verify > > RSA_sign() and RSA_verify() don't sign arbitrary data they expect the digest of the data being signed/verified. If you want an API that does sign arbitrary data use EVP_Sign*() and EVP_Verify*() instead. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
