Hi All,
Using OpenSSL, I need to implement digital signing. My approach as of now is:
1) At the sender side, generate the hash of the data using sha256.
2) Encrypt the hash of the data using RSA Private key for the purpose of signing. Send this encrypted hash and the data from Step 1 to the receiverr side.
3) At the receiver's end, Decrypt the signed data(encrypted hash) using the corresponding RSA Public key.
4) Generate hash of the data and verify the decrypted content against this hash to verify the signature
I was thinking of using RSA_private_encrypt() method to do the signing and RSA_public_decrypt() method to decrypt the signed hash using the corresponding RSA public key. Would the above be a bad approach especially when it comes to using the methods mentioned ? Please recommend the methods to be used that would be better for the purpose of digital signing and verification using sha256 and RSA keys
Thanks and Regards,
Prithiraj
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
