OpenSSL Beta 2, report of successful migration

Olivier Mascia om at
Mon Aug 2 12:17:48 UTC 2021

> Know I have to do it, but only really use low level stuff to build Json
> Web Keys, and the EC keys I build for signing seen incompatible with
> some servers, so really needs deeper investigation. 

For JWS signing in relation to Letsencrypt (my use case for this - mKey is a RSA keypair in EVP_PKEY*):

	EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(mKey, nullptr);
	EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
	EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
	EVP_PKEY_sign(ctx, nullptr, ... 	// to check the result length
	EVP_PKEY_sign(ctx, signature, ... 	// to sign and retrieve the signature

Looks good in our testings (I mean it works, as much as Letsencrypt does not bite and deliver our certificates).
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia

More information about the openssl-users mailing list