[openssl-users] Migrating from EVP_Verify*/EVP_Sign* to EVP_Digest*
Tobias Nießen
tniessen at tnie.de
Tue Feb 28 11:01:44 UTC 2017
Hello,
we are currently discussing support for RSASSA-PSS padding in the
node.js built-in crypto module:
https://github.com/nodejs/node/issues/1127
So far, the crypto module uses the older EVP_Sign/EVP_Verify APIs, which
do not support specifying
the padding (and salt length). We considered switching to the newer
EVP_Digest* functions, but we
cannot provide the public key during initialization of the signature /
verification process as this would
require unacceptable changes to the public API of the crypto module. Is
there any way to use the
new API without specifying the key during initialization? Considering
that the old API just computes
a message digest until EVP_SignFinal/EVP_VerifyFinal is called,
shouldn't it be possible to do merely
the same thing using the new API?
If it is impossible, is there any workaround?
Thank you in advance,
Tobias
More information about the openssl-users
mailing list