RSA Digital Signing

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

RSA Digital Signing

prithiraj das
Hi All,

Using OpenSSL, I need to implement digital signing. My approach as of now is:
1)  At the sender side, generate the hash of the data using sha256.
2)  Encrypt the hash of the data using RSA Private key for the purpose of signing. Send this encrypted hash and the data from Step 1 to the receiverr side.
3)  At the receiver's end, Decrypt the signed data(encrypted hash) using the corresponding RSA Public key.
4)  Generate hash of the data and verify the decrypted content against this hash to verify the signature

I was thinking of using RSA_private_encrypt() method to do the signing and RSA_public_decrypt() method to decrypt the signed hash using the corresponding RSA public key. Would the above be a bad approach especially when it comes to using the methods mentioned ? Please recommend the methods to be used that would be better for the purpose of digital signing and verification using sha256 and RSA keys

Thanks and Regards,
Prithiraj

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA Digital Signing

Viktor Dukhovni
> On Jan 27, 2019, at 12:43 PM, prithiraj das <[hidden email]> wrote:
>
> Using OpenSSL, I need to implement digital signing. My approach as of now is:
> 1)  At the sender side, generate the hash of the data using sha256.
> 2)  Encrypt the hash of the data using RSA Private key for the purpose of signing. Send this encrypted hash and the data from Step 1 to the receiverr side.
> 3)  At the receiver's end, Decrypt the signed data(encrypted hash) using the corresponding RSA Public key.
> 4)  Generate hash of the data and verify the decrypted content against this hash to verify the signature
>
> I was thinking of using RSA_private_encrypt() method to do the signing and RSA_public_decrypt() method to decrypt the signed hash using the corresponding RSA public key. Would the above be a bad approach especially when it comes to using the methods mentioned ? Please recommend the methods to be used that would be better for the purpose of digital signing and verification using sha256 and RSA keys

Do not invent your own RSA-based signature scheme.  Use a standard
RSA signature primitive.  Either RSA-PSS, or PKCS#1 v1.5

   https://en.wikipedia.org/wiki/PKCS_1#Schemes

Typically, you would use CMS, which handles all the details internally.

   https://www.openssl.org/docs/man1.1.0/apps/cms.html

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: RSA Digital Signing

Matt Caswell-2
In reply to this post by prithiraj das


On 27/01/2019 17:43, prithiraj das wrote:

> Hi All,
>
> Using OpenSSL, I need to implement digital signing. My approach as of now is:
> 1)  At the sender side, generate the hash of the data using sha256.
> 2)  Encrypt the hash of the data using RSA Private key for the purpose of
> signing. Send this encrypted hash and the data from Step 1 to the receiverr side.
> 3)  At the receiver's end, Decrypt the signed data(encrypted hash) using the
> corresponding RSA Public key.
> 4)  Generate hash of the data and verify the decrypted content against this hash
> to verify the signature
>
> I was thinking of using RSA_private_encrypt() method to do the signing and
> RSA_public_decrypt() method to decrypt the signed hash using the corresponding
> RSA public key. Would the above be a bad approach especially when it comes to
> using the methods mentioned ? Please recommend the methods to be used that would
> be better for the purpose of digital signing and verification using sha256 and
> RSA keys

Consider using the EVP_DigestSign*() functions, rather than the RSA_* ones. This
is the preferred way of doing this:

https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html

This has the advantages of handling all of the digesting and padding issues for
you. It also gives you greater flexibility to change digest and/or signing
algorithms at a later point if you wish.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users