> From: owner-openssl-us...@openssl.org On Behalf Of Emre Erisgen
> Sent: Thursday, 27 May, 2010 12:21
> How do I encrypt SHA-1 hash value of my public certificate
> with private key of my certificate?

I assume you mean an RSA key, because that's the only kind that is certified and also usable for encryption. But you don't encrypt *anything* with an RSA private key. You may be misled, as many are, because RSA signing is mathematically similar to RSA *de*cryption, and RSA verification to RSA *en*cryption. But RSA signing is NOT the same as decryption, nor encryption. If you want to sign, sign.

But even that doesn't really make sense. A normal cert is already signed by the CA; countersigning by the subject doesn't add to the integrity, and doesn't prove current possession; what good is it?

Unless you're thinking of issuing (or reissuing) your own cert, i.e. 'self-signing' it. But then what you want to (hash and) sign is the 'TBS' *portion* of the cert, namely CertInfo, *producing* a cert. openssl commandline has several ways of doing this, if that's what you want. Although if you already have a valid cert from a CA, for most purposes that's better than a self-signed one.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
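The point about the 'TBS' portion, as an added example that is not part of the original message: the script self-signs a throwaway certificate with the openssl command line, then checks that the signature verifies over the tbsCertificate bytes and not over the whole certificate. The subject name, file names and the choice of SHA-256 and a 2048-bit key are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. The subject name and all file names are constructed for the demo.

# Create a throwaway RSA key and a self-signed certificate in directory $1.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/cert.der" &&
    openssl x509 -in "$1/cert.pem" -noout -pubkey > "$1/pub.pem"
}

# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
# Write the first depth-1 element (TBS) and the last (signature bits) to files.
split_cert() {
    offsets=$(openssl asn1parse -inform DER -in "$1/cert.der" |
        awk -F: '$2 ~ /^d=1 / { print $1 + 0 }')
    tbs_off=$(printf '%s\n' "$offsets" | head -n 1)
    sig_off=$(printf '%s\n' "$offsets" | tail -n 1)
    openssl asn1parse -inform DER -in "$1/cert.der" -strparse "$tbs_off" \
        -noout -out "$1/tbs.der" &&
    openssl asn1parse -inform DER -in "$1/cert.der" -strparse "$sig_off" \
        -noout -out "$1/sig.bin"
}

# Verify the extracted signature against file $2 using the cert's public key.
sig_matches() {
    openssl dgst -sha256 -verify "$1/pub.pem" -signature "$1/sig.bin" "$2" \
        >/dev/null 2>&1
}

# Succeeds only if the signature covers the TBS portion and not the whole cert.
demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" && split_cert "$dir" || { rm -rf "$dir"; return 1; }
    rc=1
    if sig_matches "$dir" "$dir/tbs.der" && ! sig_matches "$dir" "$dir/cert.der"; then
        rc=0
    fi
    rm -rf "$dir"
    return $rc
}

demo && echo "signature verifies over tbsCertificate only"
```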