OpenSSL Beta 2, report of successful migration
Olivier Mascia
om at integral.be
Mon Aug 2 12:17:48 UTC 2021
> Know I have to do it, but only really use low level stuff to build Json
> Web Keys, and the EC keys I build for signing seen incompatible with
> some servers, so really needs deeper investigation.
For JWS signing in relation to Letsencrypt (my use case for this - mKey is a RSA keypair in EVP_PKEY*):
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(mKey, nullptr);
EVP_PKEY_sign_init(ctx);
EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
EVP_PKEY_sign(ctx, nullptr, ... // to check the result length
EVP_PKEY_sign(ctx, signature, ... // to sign and retrieve the signature
EVP_PKEY_CTX_free(ctx);
Looks good in our testings (I mean it works, as much as Letsencrypt does not bite and deliver our certificates).
__
Best Regards, Meilleures salutations, Met vriendelijke groeten, Mit freundlichen Grüßen,
Olivier Mascia
More information about the openssl-users
mailing list