EVP_get_digestbyname and 'standard' signature algorithm names

EVP_get_digestbyname and 'standard' signature algorithm names

Chris Dodd-2
I'm trying to develop an application with OpenSSL that needs to verify
a variety of digital signatures from different places.  Currently I use
EVP_get_digestbyname to get an EVP_MD handle identifying the algorithm
used, and this works well for things that originally came from OpenSSL,
but less well with things that come from elsewhere.

For example, Oracle sends me signatures identified as "SHA512withRSA",
which I need to translate into "sha512WithRSAEncryption" in order for
EVP_get_digestbyname to accept and give me something that works (note
the case differences as well as the extra -Encryption suffix).

Is there any sort of standard for what these strings should be?  Is
there a way to get OpenSSL to be more 'permissive' when looking up
algorithms by name like this?  Currently I'm just manually building
up a set of aliases to translate to their OpenSSL equivalents as I
run into them, but it seems it should be possible to do something
more general.

------------------------
Chris Dodd
[hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: EVP_get_digestbyname and 'standard' signature algorithm names

Salz, Rich
There are a few places these things are specified -- in the names given to the OID arcs, which means looking in SSL, TLS, CMS, S/MIME, etc.  OpenSSL has a pretty complete list of those. Another source is in the URIs for things like XMLDSig and XMLEncryption.

Your approach of having an 'alias table' is probably the best way to go.

        /r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
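
The alias-table approach discussed in this thread, as an added example that is not code from either poster or from OpenSSL: it maps exact XMLDSig URIs and Java-style `<digest>with<key>` names to the digest name to hand to EVP_get_digestbyname, and returns NULL for anything it does not recognise. The function name `openssl_digest_name`, the table entries and the digest allow-list are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed alias table: exact, case-sensitive external identifiers. */
static const struct { const char *ext, *ossl; } aliases[] = {
    { "http://www.w3.org/2000/09/xmldsig#rsa-sha1",        "sha1"   },
    { "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "sha256" },
    { "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "sha512" },
};

/* Assumed allow-list of digests the application accepts (adjust to policy). */
static const char *const digests[] = { "sha1", "sha224", "sha256", "sha384", "sha512" };

/* Returns the name to pass to EVP_get_digestbyname(), or NULL (fail closed). */
const char *openssl_digest_name(const char *ext)
{
    char norm[64], *w;
    size_t i, n = 0;

    if (ext == NULL)
        return NULL;
    for (i = 0; i < sizeof aliases / sizeof aliases[0]; i++)
        if (strcmp(ext, aliases[i].ext) == 0)
            return aliases[i].ossl;
    /* Normalise "SHA-512withRSA" style names: lowercase, drop '-'. */
    for (i = 0; ext[i] != '\0'; i++) {
        if (ext[i] == '-')
            continue;
        if (n + 1 >= sizeof norm)
            return NULL;                 /* overlong input: reject */
        norm[n++] = (char)tolower((unsigned char)ext[i]);
    }
    norm[n] = '\0';
    if ((w = strstr(norm, "with")) != NULL)
        *w = '\0';                       /* keep only the digest part */
    for (i = 0; i < sizeof digests / sizeof digests[0]; i++)
        if (strcmp(norm, digests[i]) == 0)   /* whole-string match only */
            return digests[i];
    return NULL;
}

int main(void)
{
    const char *in[] = { "SHA512withRSA", "sha512WithRSAEncryption", "MD5withRSA" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        const char *d = openssl_digest_name(in[i]);
        printf("%s -> %s\n", in[i], d ? d : "(rejected)");
    }
    return 0;
}
```

Matching the whole normalised digest name against an allow-list means an unknown or unwanted algorithm name is rejected rather than resolved to a near match.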
