[openssl-dev] FIPS compliant digital signature
Rex Bloom
rex at kalos-inc.com
Wed Feb 4 19:30:29 UTC 2015
Thank you!! Worked perfectly and was exactly what I was missing.
-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, February 4, 2015 1:21 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] FIPS compliant digital signature
On Wed, Feb 04, 2015, Rex Bloom wrote:
> Can someone help me understand what type of digital signature I can use for FIPS compliance?
>
> I used this command:
>
> openssl genrsa -aes128 -passout pass:mypassphrase -out privkey.pem 2048
>
> to generate a pem file but when I tried to load this as follows:
>
> RSA *rkey = PEM_read_bio_RSAPrivateKey( bio, 0, 0, (void*)"mypassphrase");
>
> I receive this error
>
> error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips'.
>
> Can you point to anything I am doing wrong here?
>
This is an openssl-users question not openssl-dev.
You need to be in FIPS mode when you create the key. So if you do:
OPENSSL_FIPS=1 openssl genrsa ...
It should work.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
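Added example, not part of the original thread and not OpenSSL's own code: the FIPS_DIGESTINIT error above is consistent with the traditional PEM encryption that `genrsa -aes128` writes outside FIPS mode, whose key derivation uses MD5. Assuming that is the cause, this script classifies key files by PEM header and flags the traditional-encrypted ones so they can be re-created as the reply describes. The function names and sample files are constructed for illustration.

```shell
# Classify PEM private-key files by on-disk format (header inspection only).
# Prints: traditional-encrypted | traditional-plain | pkcs8-encrypted | pkcs8-plain | unknown
pem_key_format() {
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo pkcs8-encrypted
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo pkcs8-plain
    elif grep -Eq '^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----' "$1" 2>/dev/null; then
        # Traditional format signals encryption with a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo traditional-encrypted
        else
            echo traditional-plain
        fi
    else
        echo unknown
    fi
}

# Cipher named in the DEK-Info header (empty output if the header is absent).
pem_dek_cipher() {
    sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$1" | head -n 1
}

# List traditional-encrypted keys in a directory; returns 1 if any were found.
scan_keys() {
    found=0
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        if [ "$(pem_key_format "$f")" = traditional-encrypted ]; then
            echo "$f: traditional PEM encryption ($(pem_dek_cipher "$f")), MD5-derived key"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample files: real headers, placeholder bodies (not usable keys).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF' '' \
        'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$1/legacy.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8.pem"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
scan_keys "$demo_dir" || echo "re-create the keys listed above in FIPS mode"
rm -rf "$demo_dir"
```

A `pkcs8-encrypted` result only identifies the container; whether it loads in FIPS mode still depends on the algorithms used inside it.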