[openssl-dev] FIPS compliant digital signature
Dr. Stephen Henson
steve at openssl.org
Wed Feb 4 19:21:19 UTC 2015
On Wed, Feb 04, 2015, Rex Bloom wrote:
> Can someone help me understand what type of digital signature I can use for FIPS compliance.
>
> I used this command:
>
> openssl genrsa -aes128 -passout pass:mypassphrase -out privkey.pem 2048
>
> to generate a pem file but when I tried to load this as follows:
>
> RSA *rkey = PEM_read_bio_RSAPrivateKey( bio, 0, 0, (void*)"mypassphrase");
>
> I receive this error
>
> error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips'.
>
> Can you point to anything I am doing wrong here?
>
This is an openssl-users question not openssl-dev.
You need to be in FIPS mode when you create the key. So if you do:
OPENSSL_FIPS=1 openssl genrsa ...
It should work.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list