RSA sign and verify

RSA sign and verify

Leon Brits

Hi List,

 

I am implementing a sign and verify function for RSA and DSA (for now just RSA) using the EVP methods. In the manual it says this is the preferred method. It all _works_ fine, but I have a requirement to support different padding schemes: RSASSA-PKCS1.5 and RSASSA-PSS. I’ve searched for how to change the padding scheme when I sign, but could not find how to do it the “EVP way”.

 

Any suggestions?

 

Thanks

Leon Brits

Re: RSA sign and verify

Dr. Stephen Henson
On Tue, Mar 12, 2013, Leon Brits wrote:

>
> I am implementing a sign and verify function for RSA and DSA (for now just
> RSA) using the EVP methods. In the manual it says this is the preferred
> method. It all _works_ fine, but I have a requirement to support different
> padding schemes: RSASSA-PKCS1.5 and RSASSA-PSS. I've searched for how to
> change the padding scheme when I sign, but could not find how to do it the
> "EVP way".
>

You need OpenSSL 1.0.0 or later and the EVP_Digest*() API.

You need to retrieve the EVP_PKEY_CTX it uses and then set appropriate parameters
using the EVP_PKEY_ctrl function. There are various macros defined to change
the padding mode and parameters.

So typically you'd call EVP_DigestSignInit(), get the associated context then
call EVP_PKEY_CTX_set_rsa_padding() and optionally some other PSS parameters.

See manual pages for more info.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
RE: RSA sign and verify

Leon Brits
Just a few more questions:

In my existing code, I used the EVP_SignInit/Update/Final calls. I did not set the padding so the default (RSASSA_PKCS1.5) was always used. So now, to set the padding, I've added the code as mentioned after the EVP_SignInit() and before the first EVP_SignUpdate().

This all worked, until I commented out the EVP_PKEY_CTX_set_rsa_padding() call from the verification function (as a test). This should cause the default padding to be used and should fail to verify signatures with the PSS padding scheme (right?). Well, it succeeds.

1. Comments?
2. Can I mix the EVP_SignInit/Update/Final() and EVP_DigestSignInit/Update/Final() calls?

Info: I've noticed that one should not free the key context (EVP_PKEY_CTX) returned from EVP_DigestSignInit() since it is deleted in the digest context (EVP_MD_CTX). This should be noted somewhere.

Leon Brits
Senior Design Engineer
Parsec

Re: RSA sign and verify

Dr. Stephen Henson
On Thu, Mar 14, 2013, Leon Brits wrote:

> Just a few more questions:
>
> In my existing code, I used the EVP_SignInit/Update/Final calls. I did not
> set the padding so the default (RSASSA_PKCS1.5) was always used. So now, to
> set the padding, I've added the code as mentioned after the EVP_SignInit()
> and before the first EVP_SignUpdate().
>
> This all worked, until I've commented out the EVP_PKEY_CTX_set_rsa_padding()
> call from the verification function (as a test). This should cause the
> default padding to be used and should fail to verify signatures with the PSS
> padding scheme (right?). Well, it succeeds.
>
> 1. Comments?  2. Can I mix the EVP_SignInit/Update/Final() and
> EVP_DigestSignInit/Update/Final() calls?
>
> Info: I've noticed that one should not free the key context (EVP_PKEY_CTX)
> returned from EVP_DigestSignInit() since it is deleted in the digest context
> (EVP_MD_CTX). This should be noted somewhere.
>

No, you can't mix the two. You should use EVP_Digest* throughout.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: RSA sign and verify

Leon Brits
It now works, thanks for your guidance!

Leon Brits


RE: RSA sign and verify

Leon Brits
Hi List,

I've implemented the sign of data using the EVP_DigestSign and Verify functions. The client however also requires a function to sign existing digests calculated by Windows? From some post found on the internet it seems I should call EVP_PKEY_sign() - correct? If so should I do checking that I only pass digests to this function?

Thanks
Leon Brits
