On Tue, Feb 28, 2017, Tobias Nießen wrote:

> Hello,
>
> we are currently discussing support for RSASSA-PSS padding in the
> node.js built-in crypto module:
> https://github.com/nodejs/node/issues/1127
>
> So far, the crypto module uses the older EVP_Sign/EVP_Verify APIs,
> which do not support specifying the padding (and salt length). We
> considered switching to the newer EVP_Digest* functions, but we
> cannot provide the public key during initialization of the signature
> / verification process as this would require unacceptable changes to
> the public API of the crypto module. Is there any way to use the
> new API without specifying the key during initialization?
> Considering that the old API just computes a message digest until
> EVP_SignFinal/EVP_VerifyFinal is called, shouldn't it be possible to
> do merely the same thing using the new API?
>

No, there isn't with the new API. The reason for that is that some operations
performed (for example which digests can be used, or which salt lengths are
permissible for PSS) depend on the public key. For example in the master
branch RSA-PSS keys can restrict the digest which can be used with the key.
The way the new API is structured you get the error as soon as you attempt
the operation.

> If it is impossible, is there any workaround?
>

There is an alternative which may help. Instead of using EVP_Sign* which
computes the digest and signs with it, you can instead call EVP_DigestInit_ex,
EVP_DigestUpdate and EVP_DigestFinal_ex() to compute the raw digest. Then you
can use the EVP_PKEY APIs to sign the raw digest with EVP_PKEY_sign() using
RSA-PSS or verify it with EVP_PKEY_verify().

If that isn't clear let me know and I'll explain further.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org