Updating RSA public key generation and signature verification from 1.1.1 to 3.0

Tomas Mraz tomas at openssl.org
Fri Sep 9 15:36:05 UTC 2022


On Thu, 2022-09-08 at 16:10 +0000, GonzalezVillalobos, Diego via
openssl-users wrote:
> [AMD Official Use Only - General]
> 
> Hello everyone,
>  
> I am currently working on updating a signature verification function
> in C++ and I am a bit stuck. I am trying to replace the deprecated
> 1.1.1 functions to the appropriate 3.0 versions. The function takes
> in 2 certificate objects (parent and cert), which are not x509
> certificates, but certificates the company had previously defined.
> Using the contents from parent we create an RSA public key and using
> the contents from cert we create the digest and grab the signature to
> verify.
>  
> In the 1.1.1 version we were using the RSA Object and the
> rsa_set0_key function to create the RSA public key and then used
> RSA_public_decrypt to decrypt the signature and RSA_verify_PKCS1_PSS
> to verify it. This whole workflow is now deprecated.
> 
...
> Is this the correct way of creating RSA keys now? Where is my logic
> failing? Can the same type of procedure even be done on 3.0? Any
> advice would be really appreciated.
>  

In the original code you seem to be using PSS padding for verification.
Did you try to set the PSS padding on the digest verify context? See
demos/signature/rsa_pss_hash.c on how to do it.

-- 
Tomáš Mráz, OpenSSL


