Bonjour. Et milles mercis. That was helpful. One more question: if I want to reproduce RSA_sign() (and RSA_verify()) using evp_key_sign() and evp_key_verify() then I'll need add code to do the ASN.1 marshaling, right? There's no convenience function to do that (seems like an oversight if that's the case)? -Philip > On May 4, 2022, at 3:45 AM, Erwann Abalea <Erwann.Abalea@xxxxxxxxxxxx> wrote: > > Bonjour, > > The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding for signature operations. > PKCS#1v1.5 is rewritten in RFC2313. > > Using the command line tool, you can reproduce this: > > echo -n "Mary had a little lamb." > datatosign > > either one of the following can be used to sign data: > openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing > openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing > > and you can display the signature either way (this will not "verify", it will only perform the RSA verify operation with PKCS#1v1.5 padding, without checking the validity or even if what has been signed is a DigestInfo structure, and output the result of the RSA operation): > openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse > openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse > > or you can actually verify the thing without displaying the result of the RSA verify crypto operation: > openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1 > openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign >
