[openssl-users] Question w.r.t EVP Signing and Verifying
Kumar Venkatarao
kvenkatarao at infinera.com
Fri Aug 31 05:52:49 UTC 2018
Hi,
I am writing a program to do pairwise consistency checks using EVP API's for RSA and
ECDSA keys. The private and public keys are obtained from a PKCS12 file.
I've based my program on the sample code provided at -
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
Version of openssl used is OpenSSL 1.0.2n/FIPS v2.0.16
The code works well for RSA based keys. However, with ECDSA the EVP_VerifyDigestFinal
Function always return 0. The Man page seem to indicate a return value of 0 doesn't
Indicate of any serious error, but says verification is a failure.
The questions are -
1. Why does EVP_DigestVerifyFinal fail for ECDSA keys ? Is it a known problem ?
2. If I need to use ECDSA_sign and ECDSA_verify call, I need to convert the EVP_PKEY
Structure to EC_KEY. I do find a supporting API - EVP_PKEY_set1_EC_KEY. However,
This seems true for Only private keys. Is there any function that would accept
EVP_PKEYs (private/public) and generate a single EC_KEY structure so that
ECDSA_sign/ECDSA_verify can be used ?
Thanks
Kumar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180831/54fd693b/attachment.html>
More information about the openssl-users
mailing list