> From: owner-openssl-us...@openssl.org On Behalf Of Peter Eckersley > Sent: Thursday, 26 January, 2012 16:39 > To: openssl-users@openssl.org > Subject: Separating the digest and signature steps of RSA signing > > Hi all, > > I have an offline system that needs to compute RSA signatures over > large blobs of data, given only hashes of the data as input and not > the entire blobs (something like the NONEwithRSA algorithm in Java's > RSA implementation > http://www.docjar.com/docs/api/sun/security/mscapi/RSASignature.html) > I don't think that's Java's implementation. The SunMSCAPI provider is Java's interface to Windows implementation, and may only work on Windows. SunJSSE has some convoluted magic to somehow do the SSL-specific MD5andSHA1withRSA and AFAICT NONEwithRSA isn't available elsewhere in Sun distro.
> Is there any way to do that with openssl? > Just call the low-level primitive RSA_sign if you still want the conventional algid+hash encoding and PKCS1 formatting (i.e. if you are interoperating with almost anyone) or even lower-level RSA_private_encrypt otherwise. I see no standard provision for it in EVP. I'm pretty sure you could construct your own EVP_MD for it, if you want to bother. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
