Difference between revisions of "EVP Signing and Verifying"

From OpenSSLWiki
Jump to navigationJump to search
Line 12: Line 12:
 
See the following for an example of signing a message:
 
See the following for an example of signing a message:
  
 +
EVP_MD_CTX *mdctx = NULL;
 +
int ret = 0;
 +
 +
*sig = NULL;
 +
 
  /* Create the Message Digest Context */
 
  /* Create the Message Digest Context */
 
  if(!(mdctx = EVP_MD_CTX_create())) goto err;
 
  if(!(mdctx = EVP_MD_CTX_create())) goto err;
Line 22: Line 27:
 
   
 
   
 
  /* Finalise the DigestSign operation */
 
  /* Finalise the DigestSign operation */
*sig = NULL;
 
 
  if(!EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;
 
  if(!EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;
 
  if(!(*sig = malloc(sizeof(unsigned char) * (*slen)))) goto err;
 
  if(!(*sig = malloc(sizeof(unsigned char) * (*slen)))) goto err;
 
  if(!EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;
 
  if(!EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;
 +
 +
/* Success */
 +
ret = 1;
 +
 +
err:
 +
if(ret != 1)
 +
{
 +
  /* Do some error handling */
 +
}
 +
 +
/* Clean up */
 +
if(*sig && !ret) free(*sig);
 +
if(mdctx) EVP_MD_CTX_destroy(mdctx);

Revision as of 22:43, 28 February 2013

There are two APIs available for performing sign and verify operations. The older EVP_Sign* functions, and the newer and more flexible EVP_DigestSign* functions. They are very similar, but for new applications the EVP_DigestSign* versions should be preferred.

Signing a Message

Signing a message is a three stage process:

  • Initialise the operation.
  • Add message data (this step can be repeated as many times as necessary to add more message data)
  • Create the signature

In order to initialise the operation, you need to have first set up a EVP_PKEY object containing a public key for an algorithm that supports signing. Refer to Working with EVP_PKEYs for further information. You also need to provide a message digest algorithm (refer to Working with Algorithms and Modes).

See the following for an example of signing a message:

EVP_MD_CTX *mdctx = NULL;
int ret = 0;

*sig = NULL;

/* Create the Message Digest Context */
if(!(mdctx = EVP_MD_CTX_create())) goto err;

/* Initialise the DigestSign operation */
if(!EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, key)) goto err;

/* Call update with the message */
if(!EVP_DigestSignUpdate(mdctx, msg, strlen(msg))) goto err;

/* Finalise the DigestSign operation */
if(!EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;
if(!(*sig = malloc(sizeof(unsigned char) * (*slen)))) goto err;
if(!EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;

/* Success */
ret = 1;

err:
if(ret != 1)
{
  /* Do some error handling */
}

/* Clean up */
if(*sig && !ret) free(*sig);
if(mdctx) EVP_MD_CTX_destroy(mdctx);