[openssl-users] Question w.r.t EVP Signing and Verifying

Kumar Venkatarao kvenkatarao at infinera.com
Fri Aug 31 05:52:49 UTC 2018


Hi,

I am writing a program to do pairwise consistency checks using EVP API's for RSA and
ECDSA keys. The private and public keys are obtained from a PKCS12 file.
I've based my program on the sample code provided at -
https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
Version of openssl used is OpenSSL 1.0.2n/FIPS v2.0.16

The code works well for RSA based keys. However, with ECDSA the EVP_VerifyDigestFinal
Function always return 0.   The Man page seem to indicate a return value of 0 doesn't
Indicate of any serious error, but says verification is a failure.

The questions are -


1.      Why does EVP_DigestVerifyFinal fail for ECDSA keys ? Is it a known problem ?

2.      If I need to use ECDSA_sign and ECDSA_verify call,  I need to convert the EVP_PKEY

Structure to EC_KEY.  I do find a supporting API - EVP_PKEY_set1_EC_KEY. However,

This seems true for Only private keys.  Is there any function that would accept

EVP_PKEYs (private/public) and generate a single EC_KEY structure so that

ECDSA_sign/ECDSA_verify can be used ?

Thanks
Kumar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180831/54fd693b/attachment.html>


More information about the openssl-users mailing list