OpenSSL Beta 2, report of successful migration

Olivier Mascia om at integral.be
Mon Aug 2 12:17:48 UTC 2021


> Know I have to do it, but only really use low level stuff to build Json
> Web Keys, and the EC keys I build for signing seem incompatible with
> some servers, so really needs deeper investigation. 

For JWS signing in relation to Let's Encrypt (my use case for this - mKey is an RSA keypair in EVP_PKEY*):

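	// Needs <openssl/evp.h> and <openssl/rsa.h>. digest/digestLen (the SHA-256 hash of the
	// JWS signing input), signature and sigLen are placeholder names for the elided arguments.
	EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(mKey, nullptr);
	EVP_PKEY_sign_init(ctx);
	EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
	EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
	size_t sigLen = 0;
	EVP_PKEY_sign(ctx, nullptr, &sigLen, digest, digestLen); 	// to check the result length
	EVP_PKEY_sign(ctx, signature, &sigLen, digest, digestLen); 	// to sign and retrieve the signature
	EVP_PKEY_CTX_free(ctx);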

Looks good in our testing (I mean it works, as much as Let's Encrypt does not bite and delivers our certificates).
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia
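
The call sequence above, cross-checked with the openssl command-line tool as an added example (not part of the original message): `pkeyutl -sign` with `rsa_padding_mode:pkcs1` and `digest:sha256` mirrors the two `EVP_PKEY_CTX_set_*` calls, so its input must be the 32-byte SHA-256 digest of the JWS signing input, and its output must equal the one-shot `dgst -sha256 -sign` signature. The key, nonce, URL and payload are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: key, nonce, URL and payload below are constructed.
set -eu

b64url() {   # unpadded base64url of stdin, the encoding JWS uses
    openssl base64 -A | tr '+/' '-_' | tr -d '='
}

# Returns 0 when digest-then-sign and one-shot signing agree and verify.
jws_rs256_check() {
    w=$(mktemp -d)
    # Throwaway RSA key standing in for the account key (mKey in the post).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$w/key.pem" 2>/dev/null
    hdr=$(printf '%s' '{"alg":"RS256","nonce":"constructed","url":"https://acme.example/new-order"}' | b64url)
    pay=$(printf '%s' '{"identifiers":[{"type":"dns","value":"example.org"}]}' | b64url)
    printf '%s.%s' "$hdr" "$pay" > "$w/input"      # JWS signing input

    # Path A (the post's sequence): sign the 32-byte SHA-256 digest with
    # PKCS#1 v1.5 padding and the signature digest set to sha256.
    openssl dgst -sha256 -binary -out "$w/digest" "$w/input"
    openssl pkeyutl -sign -inkey "$w/key.pem" -in "$w/digest" -out "$w/sigA" \
        -pkeyopt rsa_padding_mode:pkcs1 -pkeyopt digest:sha256

    # Path B: one-shot hash-and-sign over the message itself.
    openssl dgst -sha256 -sign "$w/key.pem" -out "$w/sigB" "$w/input"

    rc=0
    cmp -s "$w/sigA" "$w/sigB" || rc=1             # PKCS#1 v1.5 is deterministic
    openssl dgst -sha256 -prverify "$w/key.pem" -signature "$w/sigA" \
        "$w/input" >/dev/null 2>&1 || rc=1
    # Pitfall: passing the message instead of its digest must be rejected.
    if openssl pkeyutl -sign -inkey "$w/key.pem" -in "$w/input" -out "$w/bad" \
        -pkeyopt rsa_padding_mode:pkcs1 -pkeyopt digest:sha256 2>/dev/null; then
        rc=1
    fi
    # On success, print the JWS compact serialization.
    [ "$rc" -eq 0 ] && printf '%s.%s.%s\n' "$hdr" "$pay" "$(b64url < "$w/sigA")"
    rm -rf "$w"
    return "$rc"
}

jws_rs256_check
```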



