Difference between revisions of "EVP Signing and Verifying"
From OpenSSLWiki
(Created page with "There are two APIs available for performing sign and verify operations. The older EVP_Sign* functions, and the newer and more flexible EVP_DigestSign* functions. They are very si…")
Line 8: | Line 8: | ||
* Create the signature | * Create the signature | ||
− | In order to initialise the operation, you need to have first set up a EVP_PKEY object containing a public key for an algorithm that supports signing. Refer to [[EVP | + | In order to initialise the operation, you need to have first set up a EVP_PKEY object containing a public key for an algorithm that supports signing. Refer to [[EVP#Working with EVP_PKEYs|Working with EVP_PKEYs]] for further information. You also need to provide a message digest algorithm (refer to [[EVP#Working with Algorithms and Modes|Working with Algorithms and Modes]]). |
See the following for an example of signing a message: | See the following for an example of signing a message: |
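Review bot: the revised paragraph after "Create the signature" still says the EVP_PKEY object must contain "a public key for an algorithm that supports signing", but producing a signature requires the private key; suggest "an EVP_PKEY object containing a private key for an algorithm that supports signing". The same line reads "a EVP_PKEY", which should be "an EVP_PKEY". The link change itself looks fine.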
Revision as of 22:38, 28 February 2013
There are two APIs available for performing sign and verify operations: the older EVP_Sign* functions and the newer, more flexible EVP_DigestSign* functions. They are very similar, but new applications should prefer the EVP_DigestSign* versions.
Signing a Message
Signing a message is a three-stage process:
- Initialise the operation.
- Add message data (this step can be repeated as many times as necessary to add more message data).
- Create the signature.
To initialise the operation, you must first set up an EVP_PKEY object containing a public key for an algorithm that supports signing. Refer to Working with EVP_PKEYs for further information. You also need to provide a message digest algorithm (refer to Working with Algorithms and Modes).
See the following for an example of signing a message:
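    /* Fragment: mdctx (EVP_MD_CTX *), key (EVP_PKEY *), msg (const char *),
     * sig (unsigned char **), slen (size_t *) and the err: label belong to the
     * enclosing function. Needs <string.h>, <stdlib.h> and <openssl/evp.h>. */

    /* Create the Message Digest Context */
    if(!(mdctx = EVP_MD_CTX_create())) goto err;

    /* Initialise the DigestSign operation (returns 1 on success) */
    if(1 != EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, key)) goto err;

    /* Call update with the message */
    if(1 != EVP_DigestSignUpdate(mdctx, msg, strlen(msg))) goto err;

    /* Finalise the DigestSign operation */
    /* First call with a NULL buffer to obtain the signature length in *slen */
    *sig = NULL;
    if(1 != EVP_DigestSignFinal(mdctx, NULL, slen)) goto err;
    /* Allocate memory for the signature based on the size in *slen */
    if(!(*sig = malloc(sizeof(unsigned char) * (*slen)))) goto err;
    /* Second call writes the signature and updates *slen */
    if(1 != EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;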