On Wed, Mar 18, 2009 at 10:51 PM, Joe Percival <j...@bigtreestech.com> wrote: > How can I create and verify a RSASSA-PSS signature using openssl command > line? > I have searched for any documentation and/or tutorial on the subject and > have come up empty handed. > I need to be able to set the hash function and Mask Generation Function to > digest functions available under openssl dgst. > The file for which I need to generate (and verify) the signature is a text > file. > I have openssl version 0.9.8e installed but could upgrade if necessary. > Thanks in advance, and my apologies if the answer is obvious, I'm quite new > to this subject and this application. > joe
As nobody responded with anything better, here's what I have. Currently, I don't think the commandline tools support this yet. OTOH, you can have a look at this (twas posted @ 4/1/2009): copy&paste: /* Example code how to use PSS padding wih RSA signing. Written by Mounir IDRASSI --- RSA_sign only supports PKCS# 1 v1.5 padding which always gives the same output for the same input data. If you want to perfom a digital signature with PSS padding (i.e. padding with random data), you have to pad the data yourself by calling RSA_padding_add_PKCS1_PSS and then call RSA_private_encrypt on the padded output after setting its last parameter to RSA_NO_PADDING. I have written a small sample code that shows how to perform PSS signature and verification. You can get the code from the following link: http://www.idrix.fr/Root/Samples/openssl_pss_signature.c I hope this answers your questions. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr */ --- If the code is not available any longer, give a holler; I've got a copy archived. -- Met vriendelijke groeten / Best regards, Ger Hobbelt -------------------------------------------------- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: g...@hobbelt.com mobile: +31-6-11 120 978 -------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
