Question w.r.t EVP Signing and Verifying

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question w.r.t EVP Signing and Verifying

Kumar Venkatarao

Hi,

 

I am writing a program to do pairwise consistency checks using EVP API’s for RSA and

ECDSA keys. The private and public keys are obtained from a PKCS12 file.  

I’ve based my program on the sample code provided at –

https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying

Version of openssl used is OpenSSL 1.0.2n/FIPS v2.0.16

 

The code works well for RSA based keys. However, with ECDSA the EVP_VerifyDigestFinal

Function always return 0.   The Man page seem to indicate a return value of 0 doesn’t

Indicate of any serious error, but says verification is a failure.

 

The questions are –

 

1.      Why does EVP_DigestVerifyFinal fail for ECDSA keys ? Is it a known problem ?

2.      If I need to use ECDSA_sign and ECDSA_verify call,  I need to convert the EVP_PKEY

Structure to EC_KEY.  I do find a supporting API – EVP_PKEY_set1_EC_KEY. However,

This seems true for Only private keys.  Is there any function that would accept

EVP_PKEYs (private/public) and generate a single EC_KEY structure so that

ECDSA_sign/ECDSA_verify can be used ?

 

Thanks

Kumar

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Question w.r.t EVP Signing and Verifying

Viktor Dukhovni


> On Aug 31, 2018, at 1:52 AM, Kumar Venkatarao <[hidden email]> wrote:
>
> Why does EVP_DigestVerifyFinal fail for ECDSA keys?

Because you're not using it correctly.

> Is it a known problem ?

Yes, incorrect use will lead to unexpected results.  No, there is
no known problem in correct use of EC signature verification.

You can test EC signing and verification with:

  $ openssl genpkey -out /tmp/eckey.pem -algorithm ec \
      -pkeyopt "ec_paramgen_curve:prime256v1" \
      -pkeyopt ec_param_enc:named_curve
  $ openssl pkey -in /tmp/eckey.pem -pubout -out /tmp/ecpub.pem
  $ echo foobar | openssl dgst -sign /tmp/eckey.pem > /tmp/sig.dat
  $ echo foobar | openssl dgst -verify /tmp/ecpub.pem -signature /tmp/sig.dat ; echo $?
  Verified OK
  0
  $ echo goobar | openssl dgst -verify /tmp/ecpub.pem -signature /tmp/sig.dat ; echo $?
  Verification Failure
  1

Your code should be able to generated signature files that "openssl dgst -verify" can
verify, or verify signatures that "openssl dgest -sign" produced.  The default digest
algoritm in the operations above was SHA256, you can make it explicit if you like
via appropriate additional options.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users