Sign using RSA-SHA1

Kaushalye Kapuruge
Hi List,
I need to sign a text using RSA-SHA1. (
http://www.w3.org/2000/09/xmldsig#rsa-sha1 
<http://www.w3.org/2000/09/xmldsig#rsa-sha1> as per XML-Signature
specification http://www.w3.org/TR/xmldsig-core/)

I found a set of EVP_ functions to do this.
i.e.
EVP_SignInit   (&md_ctx, EVP_sha1());
EVP_SignUpdate (&md_ctx, data, strlen(data));
siglen = sizeof(sigbuf);
err = EVP_SignFinal (&md_ctx,
               sigbuf,
               &siglen,
               pkey);
In the above I have specified to use "SHA-1" as the digest method.
But I'm wondering where I have to specify "to sign using RSA". Do
these functions automatically decide the algorithm (e.g. DSA-SHA1,
RSA-SHA1) by inspecting the EVP_PKEY* ?
Please advise.
Thanks,
Kaushalye
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Sign using RSA-SHA1

Nils Larsch
Kaushalye Kapuruge wrote:

> Hi List,
> I need to sign a text using RSA-SHA1. (
> http://www.w3.org/2000/09/xmldsig#rsa-sha1 
> <http://www.w3.org/2000/09/xmldsig#rsa-sha1> as per XML-Signature
> specification http://www.w3.org/TR/xmldsig-core/)
>
> I found a set of EVP_ functions to do this.
> i.e.
> EVP_SignInit   (&md_ctx, EVP_sha1());
> EVP_SignUpdate (&md_ctx, data, strlen(data));
> siglen = sizeof(sigbuf);
> err = EVP_SignFinal (&md_ctx,
>               sigbuf,
>               &siglen,
>               pkey);
> In the above I have specified to use "SHA-1" as the digest method.
> But I'm wondering where I have to specify "to sign using RSA". Do
> these functions automatically decide the algorithm (e.g. DSA-SHA1,
> RSA-SHA1) by inspecting the EVP_PKEY* ?
> Please advise.

If you use the cvs head (alias 0.9.9-dev) you can use EVP_sha*()
together with an RSA, DSA or an EC key to create an RSA etc.
signature. In OpenSSL <= 0.9.8 you need to use EVP_dss1()
or EVP_sha1() for RSA (the EVP_<digest name>() functions always
assume an RSA key).

Cheers,
Nils

Re: Sign using RSA-SHA1

Kaushalye Kapuruge
Nils Larsch wrote:

> Kaushalye Kapuruge wrote:
>> Hi List,
>> I need to sign a text using RSA-SHA1. (
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1 
>> <http://www.w3.org/2000/09/xmldsig#rsa-sha1> as per XML-Signature
>> specification http://www.w3.org/TR/xmldsig-core/)
>>
>> I found a set of EVP_ functions to do this.
>> i.e.
>> EVP_SignInit   (&md_ctx, EVP_sha1());
>> EVP_SignUpdate (&md_ctx, data, strlen(data));
>> siglen = sizeof(sigbuf);
>> err = EVP_SignFinal (&md_ctx,
>>               sigbuf,
>>               &siglen,
>>               pkey);
>> In the above I have specified to use "SHA-1" as the digest method.
>> But I'm wondering where I have to specify "to sign using RSA". Do
>> these functions automatically decide the algorithm (e.g. DSA-SHA1,
>> RSA-SHA1) by inspecting the EVP_PKEY* ?
>> Please advise.
>
> If you use the cvs head (alias 0.9.9-dev) you can use EVP_sha*()
> together with an RSA, DSA or an EC key to create an RSA etc.
> signature. In OpenSSL <= 0.9.8 you need to use EVP_dss1()
> or EVP_sha1() for RSA (the EVP_<digest name>() functions always
> assume an RSA key).
Hmm.. strange.
If the functions always assume an RSA key, how am I going to implement DSA-SHA1?
I have no problem with the digest part. My first thought was that this set
of functions is a higher-level API that serves both DSA and RSA.
Thanks a lot for the reply.
-Kau
>
> Cheers,
> Nils

Re: Sign using RSA-SHA1

Christian Hohnstaedt
On Wed, Feb 14, 2007 at 02:59:23PM +0530, Kaushalye Kapuruge wrote:

> Nils Larsch wrote:
> >Kaushalye Kapuruge wrote:
> >>Hi List,
> >>I need to sign a text using RSA-SHA1. (
> >>http://www.w3.org/2000/09/xmldsig#rsa-sha1 
> >><http://www.w3.org/2000/09/xmldsig#rsa-sha1> as per XML-Signature
> >>specification http://www.w3.org/TR/xmldsig-core/)
> >>
> >>I found a set of EVP_ functions to do this.
> >>i.e.
> >>EVP_SignInit   (&md_ctx, EVP_sha1());
> >>EVP_SignUpdate (&md_ctx, data, strlen(data));
> >>siglen = sizeof(sigbuf);
> >>err = EVP_SignFinal (&md_ctx,
> >>              sigbuf,
> >>              &siglen,
> >>              pkey);
> >>In the above I have specified to use "SHA-1" as the digest method.
> >>But I'm wondering where I have to specify "to sign using RSA". Do
> >>these functions automatically decide the algorithm (e.g. DSA-SHA1,
> >>RSA-SHA1) by inspecting the EVP_PKEY* ?
> >>Please advise.
> >
> >If you use the cvs head (alias 0.9.9-dev) you can use EVP_sha*()
> >together with an RSA, DSA or an EC key to create an RSA etc.
> >signature. In OpenSSL <= 0.9.8 you need to use EVP_dss1()
> >or EVP_sha1() for RSA (the EVP_<digest name>() functions always
> >assume an RSA key).
> Hmm.. strange.
> If the functions always assume an RSA key, how am I going to implement DSA-SHA1?

EVP_dss1() -> DSA-SHA1
EVP_sha1() -> RSA-SHA1
EVP_<digest name>() -> RSA-<digest name>

Christian

RE: Sign using RSA-SHA1

WCR
Hi All

> >>I need to sign a text using RSA-SHA1. (
> >>http://www.w3.org/2000/09/xmldsig#rsa-sha1
> >><http://www.w3.org/2000/09/xmldsig#rsa-sha1> as per XML-Signature
> >>specification http://www.w3.org/TR/xmldsig-core/)

I'm a newbie and want to sign using RSA-SHA1 from the command line.
I've tried:

openssl dgst -sha1 -sign 12677.pem -out mydigest.sha 12677.sig

But the result is strange. When used in an xml message there are errors
saying invalid characters. See attachments.

I am desperate to resolve this. Any help gratefully appreciated.

Thanks
David



12677.SIG (178 bytes) Download Attachment
12677.PEM (2K) Download Attachment

Re: Sign using RSA-SHA1

Nils Larsch
WCR wrote:

> Hi All
>
>>>> I need to sign a text using RSA-SHA1. (
>>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>> <http://www.w3.org/2000/09/xmldsig#rsa-sha1> as per XML-Signature
>>>> specification http://www.w3.org/TR/xmldsig-core/)
>
> I'm a newbie and want to sign using RSA-SHA1 from the command line.
> I've tried:
>
> openssl dgst -sha1 -sign 12677.pem -out mydigest.sha 12677.sig
>
> But the result is strange. When used in an xml message there are errors
> saying invalid characters. See attachments.

Well, I guess you know that the result is binary and needs to be base64-encoded
before you can include it in an XML document.

Cheers,
Nils
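
The step discussed in this last exchange, as an added example that is not part of the original thread or of OpenSSL's own code: the raw output of `openssl dgst -sha1 -sign` is binary, so it is base64-encoded before it goes into an XML element, and decoded again before verification. The function names, file names and the throwaway key are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). All names and the key are constructed.

# Generate a throwaway 2048-bit RSA key pair in directory $1.
make_demo_key() {
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# sign_b64 KEY FILE: RSA-SHA1 signature of FILE as one base64 line on stdout.
sign_b64() {
    openssl dgst -sha1 -sign "$1" "$2" | openssl base64 -A
}

# verify_b64 PUBKEY FILE B64SIG: exit 0 only if the signature matches FILE.
verify_b64() {
    sig=$(mktemp) || return 1
    printf '%s' "$3" | openssl base64 -d -A > "$sig"
    if openssl dgst -sha1 -verify "$1" -signature "$sig" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$sig"
    return $rc
}

# xml_safe STRING: exit 0 if STRING is non-empty and uses only the base64
# alphabet, i.e. it can be placed in an XML text node without escaping.
xml_safe() {
    case "$1" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
        *) return 0 ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_key "$d" || return 1
    printf '%s' 'constructed sample text to sign' > "$d/data.txt"
    b64=$(sign_b64 "$d/key.pem" "$d/data.txt")
    # A 2048-bit key gives a 256-byte signature, which is 344 base64 characters.
    xml_safe "$b64" && verify_b64 "$d/pub.pem" "$d/data.txt" "$b64" &&
        echo "base64 signature (${#b64} chars): $b64"
    rm -rf "$d"
}
demo
```
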