> Know I have to do it, but only really use low level stuff to build Json > Web Keys, and the EC keys I build for signing seen incompatible with > some servers, so really needs deeper investigation. For JWS signing in relation to Letsencrypt (my use case for this - mKey is a RSA keypair in EVP_PKEY*): EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(mKey, nullptr); EVP_PKEY_sign_init(ctx); EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING); EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()); EVP_PKEY_sign(ctx, nullptr, ... // to check the result length EVP_PKEY_sign(ctx, signature, ... // to sign and retrieve the signature EVP_PKEY_CTX_free(ctx); Looks good in our testings (I mean it works, as much as Letsencrypt does not bite and deliver our certificates). __ Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen, Olivier Mascia
