[openssl-users] Openssl api for signature verification using digest

Tue Aug 28 11:47:34 UTC 2018

Hi!

I would suggest using the newer `EVP_DigestSign` interface.

You could find more documentation about it here:
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying

Here is the relevant manpage:
https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerifyInit.html

Best regards,

Nicola Tuveri

On Tue, Aug 28, 2018, 14:09 Linta Maria <lintamaria194 at gmail.com> wrote:

>
>
> Hi All,
>
>
>
>
>
> I have started using open ssl recently for implementing some cryptographic
> operation.
>
> Now I want to implement signature verification by taking Signature and
> hashed data as input, but I am not able to get the proper API.
>
> I have used below code, but it’s not working. Please help me to get the
> correct API.
>
>
>
>
>
> #include <openssl/evp.h>
>
> #include <openssl/rsa.h>
>
>
>
> EVP_PKEY_CTX *ctx;
>
> unsigned char *md, *sig;
>
> size_t mdlen, siglen;
>
> EVP_PKEY *verify_key;
>
>
>
> /*
>
>   * NB: assumes verify_key, sig, siglen md and mdlen are already set up
>
>   * and that verify_key is an RSA public key
>
>   */
>
> ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
>
> if (!ctx)
>
>      /* Error occurred */
>
> if (EVP_PKEY_verify_init(ctx) <= 0)
>
>      /* Error */
>
> if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
>
>      /* Error */
>
> if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
>
>      /* Error */
>
>
>
> /* Perform operation */
>
> ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
>
>
>
> /*
>
>   * ret == 1 indicates success, 0 verify failure and < 0 for some
>
>   * other error.
>
>   */
>
>
>
>
>
>
>
> Best regards,
>
> *George Linta Maria*
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180828/be4ecd7b/attachment.html>