EVP signing

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

EVP signing

Federico Buti
Hi list.

I'm currently implementing a signing routine and for that I'm using the high-level API EVP according to this page. I'm using openssl 1.0.2m.

I need to sign with hashing SHA256 and prime256v1, with the former retrieved via "EVP_get_digestbyname". The private key is stored in a PEM file and loaded via "PEM_read_bio_PrivateKey". It is correctly loaded and correctly recognized to be of type EC (408).

So far so good, I am able to sign the payload and verify it. Hence, the procedure is correctly carried out. HOWEVER, once the signed payload is sent to the server, it is rejected. I believe the issue is with "prime256v1" because, as far as I can tell, that is not the default curve for EC signing.

Looking into the documentation I tried to set the correct curve like this (smart pointers used, error handling ignored for the sake of brevity):

 EVP_PKEY_CTX * pctx;
EVP_DigestSignInit(mdctx.get(), &pctx, digestFunctionNULLkey.get()))
EVP_PKEY_paramgen_init(pctx);
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1);
// usual steps...

But that leads to errors in "EVP_DigestSignFinal" and the inability to sign the payload. Probably this is not the correct way to set the curve.

So, what's the correct way to sign a payload with SHA256 and prime256v1? Is EVP api the correct one?

Thanks in advance for the help.
F.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: EVP signing

Matt Caswell-2


On 14/03/18 09:20, Federico Buti wrote:

> Hi list.
>
> I'm currently implementing a signing routine and for that I'm using the
> high-level API EVP according to this page
> <https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying>. I'm
> using openssl 1.0.2m.
>
> I need to sign with hashing SHA256 and prime256v1, with the former
> retrieved via "EVP_get_digestbyname". The private key is stored in a PEM
> file and loaded via "PEM_read_bio_PrivateKey". It is correctly loaded
> and correctly recognized to be of type EC (408).
>
> So far so good, I am able to sign the payload and verify it. Hence, the
> procedure is correctly carried out. HOWEVER, once the signed payload is
> sent to the server, it is rejected. I believe the issue is with
> "prime256v1" because, as far as I can tell, that is not the default
> curve for EC signing.
>
> Looking into the documentation I tried to set the correct curve like
> this (smart pointers used, error handling ignored for the sake of brevity):
>
> EVP_PKEY_CTX*pctx;
>
> EVP_DigestSignInit(mdctx.get(), &pctx, digestFunction, NULL, key.get()))
>
> EVP_PKEY_paramgen_init(pctx);
>
> EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,NID_X9_62_prime256v1);
>
> // usual steps...
>
> But that leads to errors in "EVP_DigestSignFinal" and the inability to
> sign the payload. Probably this is not the correct way to set the curve.
>
> So, what's the correct way to sign a payload with SHA256 and prime256v1?
> Is EVP api the correct one?

Yes, EVP is the correct API. An EC private key is tied to the curve that
was used to generate it, so any signatures will be based on that curve.
If your private key isn't using prime256v1 and that curve is a
requirement then you'll need to generate a new key.

Matt



>
> Thanks in advance for the help.
> F.
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users