> Know I have to do it, but only really use low level stuff to build Json
> Web Keys, and the EC keys I build for signing seen incompatible with
> some servers, so really needs deeper investigation.
For JWS signing in relation to Letsencrypt (my use case for this - mKey is a
RSA keypair in EVP_PKEY*):
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(mKey, nullptr);
EVP_PKEY_sign_init(ctx);
EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
EVP_PKEY_sign(ctx, nullptr, ... // to check the result length
EVP_PKEY_sign(ctx, signature, ... // to sign and retrieve the
signature
EVP_PKEY_CTX_free(ctx);
Looks good in our testings (I mean it works, as much as Letsencrypt does not
bite and deliver our certificates).
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit
freundlichen Grüßen,
Olivier Mascia
