Dear all, I made a client-server application: the client sends a certificate request and the server replies with the certificate, and it creates an encrypted shared key and some data and signs the digest of the shared key and data.
My problem is:
1- In SignDigest(), the call EVP_DigestSignFinal(mdctx, NULL, signlen); returns an error: No source available for "EVP_PKEY_sign() at 0xb7ede098"
I don't know the reason for this error; it should return the length of the signature only?
Then I reserve a location in memory with this size.
Please help me.
Warmest regards and best wishes for a good health, yours sincerely, mero
On Thu, Nov 20, 2014 at 10:42:01PM +0530, Niraj Sorathiya wrote:
> Any API or software tool can help me ?
NO. And likely you're not even asking the right question. If you
really wish to pursue this line of inquiry, post a detailed
description of your algorithm, and why you want to extend OpenSSL
to support it.
> > If I want to use my own algorithm instead of rsa or sha1 in the digital certificates, is it possible?
> > If yes, then how?
> I thought I answered this. It is hard work, it is not documented, you're on your own.
I agree with the "hard work" opinion ;-)
This can be done and one ENGINE for gost does in fact implement new public key
algorithms which aren't part of OpenSSL.
In outline you do something like this...
1. Write ASN.1 modules for public key and private key formats and (if
relevant) parameters. Write translation functions to convert from ASN.1 to
and from EVP_PKEY structures. Optionally include printing functions. Make
an EVP_PKEY_ASN1_METHOD based on these.
2. Write cryptographic functions to generate parameters (if required), private
keys, sign and verify. Adding appropriate controls and string based controls
will make the algorithm usable from the openssl utility. Wrap the lot in an
3. Place the two methods in an ENGINE so it loads and registers them.
4. Test extensively using the pkey, pkeyutl, genpkey and pkeyparam utilities.
Thank you all, and thank you Stephen, for giving me some hope for my idea :)
But truly speaking, I didn't get your steps. I don't know anything about digital certificates, but I have started working on this.
I am referring to books like OpenSSL Cookbook and Network Security with OpenSSL by Pravin, Matt and John, which is out of date. Do we have any other stuff to refer to?
Stephen, I have one idea: instead of going for a complicated RSA-like algorithm of mine, if I write a simple algorithm which only inverts bits, i.e. a NOT cipher,
can you give me detailed steps
(i.e. how many C program files I'll need and where I need to copy them to use it with digital certificates)
for how I can use this simple NOT cipher with digital certificates instead of using RSA?
Please, Stephen, help with this if possible.
> Even assuming he figures out how to tie his algorithm into OpenSSL, how
> would he even begin to specify his custom algorithm in the cert? Wouldn't
> he have to define his own OID for the algorithm?