Hello, I recently resubscribed so I'm unsure if this post was emailed back out to members. If you saw it and the question was bad, please let me know what I can simplify or clarify. Thank you. On 6/27/21 11:44 PM, Sage Gerard wrote: > Hi all, > > Context: https://github.com/zyrolasting/xiden/blob/master/crypto/crypto.c > > I compile this small EVP program into a dynamic library, in which > libcrypto is statically linked. A nearby Racket program needs this > dynamic library for a foreign function interface. I do things in an odd > order, but I am able to create and verify signatures with this setup. > > Let's say the library's output signature is in file.sha1.sig, and the > signature was created using the unencoded SHA-1 digest in file.sha1. I > would compare verification output using my host 1.1.1f binary using: > > $ <file.sha1 openssl pkeyutl -sign -verify -pubin -inkey public.pem > -sigfile file.sha1.sig > > Signature verification fails, so I made a mistake. I'm confused because > the program still (broadly) follows the wiki, and it verifies its own > valid-looking signatures successfully. > > Can the library and binary disagree because of different OpenSSL > versions? If not, what did I do to make them produce different output > for the same CHF and keypair? > > -- > ~slg > -- ~slg
