XML signature and OpenSSL

Szabó Áron
Dear Members,

I'm trying to make an XML signature-creation application (RFC 3275, W3C)
based on OpenSSL functions. Hashing works well (with xmllint C14N
canonicalization), but at signing, output seems to be wrong, or I don't
understand something.

At "sha1" hashing the default output is a *hexadecimal* value, but *binary*
data must be base64 encoded. At "sha1 -sign" signature-creation what happens
exactly inside? Is binary data used with private key? What kind of padding
is used? Is RSASSA-PKCS1-v1_5 signature algorithm used inside? Shall I use
"rsautl -sign -pkcs" instead of "sha1 -sign"? Any other idea, experience?

Thanks for your answers in advance!
Aron

----------------------------------------------------
Aron Szabo, M. Sc.
Center of Information Technology
Budapest University of Technology and Economics


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
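
As an added example (not part of the original thread and not OpenSSL's own code), the sketch below walks through RSASSA-PKCS1-v1_5 with SHA-1 as specified in RFC 8017, the scheme behind XML Signature's rsa-sha1 algorithm, to show which bytes are base64-encoded for DigestValue and SignatureValue. The toy key built from two Mersenne primes, the sample input and all function names are assumptions made for illustration.

```python
import base64
import hashlib

# DER prefix of the DigestInfo structure for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy RSA key built from two Mersenne primes so the example is
# deterministic and runs offline. Illustration only: never sign with such a key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes


def digest_value(canonical_xml: bytes) -> str:
    """ds:DigestValue: base64 of the 20 raw digest bytes, not of the hex text."""
    return base64.b64encode(hashlib.sha1(canonical_xml).digest()).decode()


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo(SHA-1, hash)."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def signature_value(canonical_signed_info: bytes) -> str:
    """ds:SignatureValue for rsa-sha1: base64 of the raw RSA signature bytes."""
    m = int.from_bytes(emsa_pkcs1_v15(canonical_signed_info), "big")
    return base64.b64encode(pow(m, D, N).to_bytes(K, "big")).decode()


def verify(canonical_signed_info: bytes, sig_b64: str) -> bool:
    """Recover the encoded block with the public key and compare it."""
    s = int.from_bytes(base64.b64decode(sig_b64), "big")
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(canonical_signed_info)


# Constructed sample input standing in for canonicalized (C14N) bytes.
SAMPLE = b'<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"></SignedInfo>'

if __name__ == "__main__":
    print("DigestValue   :", digest_value(SAMPLE))
    print("SignatureValue:", signature_value(SAMPLE))
    print("verifies      :", verify(SAMPLE, signature_value(SAMPLE)))
```

With an RSA key, `openssl dgst -sha1 -sign` applies this same DigestInfo wrapping and padding to the binary digest, whereas `rsautl -sign -pkcs` pads whatever input it is given and does not add the DigestInfo structure.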

Re: XML signature and OpenSSL

Dmitry Belyavsky
Hello!

On Mon, 13 Jun 2005, Szabó Áron wrote:

> Dear Members,
>
> I'm trying to make an XML signature-creation application (RFC 3275, W3C)
> based on OpenSSL functions. Hashing works well (with xmllint C14N
> canonicalization), but at signing, output seems to be wrong, or I don't
> understand something.

It seems to me, XMLSec library (http://www.aleksey.com/xmlsec/) would
solve your problems.

--
SY, Dmitry Belyavsky (ICQ UIN 11116575)
