[openssl-users] EVP signing

Federico Buti bacarozzo at gmail.com
Wed Mar 14 09:20:25 UTC 2018

Hi list.

I'm currently implementing a signing routine and for that I'm using the
high-level API EVP according to this page
<https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying>. I'm using
openssl 1.0.2m.

I need to sign with hashing SHA256 and prime256v1, with the former
retrieved via "EVP_get_digestbyname". The private key is stored in a PEM
file and loaded via "PEM_read_bio_PrivateKey". It is correctly loaded and
correctly recognized to be of type EC (408).

So far so good, I am able to sign the payload and verify it. Hence, the
procedure is correctly carried out. HOWEVER, once the signed payload is
sent to the server, it is rejected. I believe the issue is with "prime256v1"
because, as far as I can tell, that is not the default curve for EC signing.

Looking into the documentation I tried to set the correct curve like this
(smart pointers used, error handling ignored for the sake of brevity):

 EVP_PKEY_CTX * pctx;

EVP_DigestSignInit(mdctx.get(), &pctx, digestFunction, NULL, key.get()))


EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1);

// usual steps...

But that leads to errors in "EVP_DigestSignFinal" and the inability to sign
the payload. Probably this is not the correct way to set the curve.

So, what's the correct way to sign a payload with SHA256 and prime256v1? Is
EVP api the correct one?

Thanks in advance for the help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180314/811cb095/attachment-0001.html>

More information about the openssl-users mailing list