[openssl-users] Openssl api for signature verification using digest

Linta Maria lintamaria194 at gmail.com
Tue Aug 28 14:06:29 UTC 2018


Thanks Nicola for the updates.
But I need to verify signature with hashed data or digest not with original
message.
Is there any openssl API to implement that?

On Tue 28 Aug, 2018, 5:18 PM Nicola, <nic.tuv at gmail.com> wrote:

> Hi!
>
> I would suggest using the newer `EVP_DigestSign` interface.
>
> You could find more documentation about it here:
> https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
>
> Here is the relevant manpage:
> https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerifyInit.html
>
> Best regards,
>
> Nicola Tuveri
>
> On Tue, Aug 28, 2018, 14:09 Linta Maria <lintamaria194 at gmail.com> wrote:
>
>>
>>
>> Hi All,
>>
>>
>>
>>
>>
>> I have started using open ssl recently for implementing some
>> cryptographic operation.
>>
>> Now I want to implement signature verification by taking Signature and
>> hashed data as input, but I am not able to get the proper API.
>>
>> I have used below code, but it’s not working. Please help me to get the
>> correct API.
>>
>>
>>
>>
>>
>> #include <openssl/evp.h>
>>
>> #include <openssl/rsa.h>
>>
>>
>>
>> EVP_PKEY_CTX *ctx;
>>
>> unsigned char *md, *sig;
>>
>> size_t mdlen, siglen;
>>
>> EVP_PKEY *verify_key;
>>
>>
>>
>> /*
>>
>>   * NB: assumes verify_key, sig, siglen md and mdlen are already set up
>>
>>   * and that verify_key is an RSA public key
>>
>>   */
>>
>> ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
>>
>> if (!ctx)
>>
>>      /* Error occurred */
>>
>> if (EVP_PKEY_verify_init(ctx) <= 0)
>>
>>      /* Error */
>>
>> if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
>>
>>      /* Error */
>>
>> if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
>>
>>      /* Error */
>>
>>
>>
>> /* Perform operation */
>>
>> ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
>>
>>
>>
>> /*
>>
>>   * ret == 1 indicates success, 0 verify failure and < 0 for some
>>
>>   * other error.
>>
>>   */
>>
>>
>>
>>
>>
>>
>>
>> Best regards,
>>
>> *George Linta Maria*
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180828/003cb1c1/attachment.html>


More information about the openssl-users mailing list