RAND_pseudo_bytes is good enough for encryption IVs,
[openssl.git] / demos / sign / sig.txt
1 From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
2 Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
3   (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
4 Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
5 Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
6 Received: by minbne.mincom.oz.au id AA22230
7   (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
8 Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
9 Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
10 Date: Mon, 30 Sep 1996 01:37:40 +0100
11 Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
12 From: Sampo Kellomaki <sampo@neuronio.pt>
13 To: ssl-users@mincom.com
14 Cc: sampo@brutus.neuronio.pt
15 Subject: Signing with envelope routines
16 Sender: ssl-lists-owner@mincom.com
17 Precedence: bulk
18 Status: RO
19 X-Status: D
20
21
22 I have been trying to figure out how to produce signatures with EVP_
23 routines. I seem to be able to read in private key and sign some
24 data ok, but I can't figure out how I am supposed to read in
25 public key so that I could verify my signature. I use self signed
26 certificate.
27
28 I figured I should use
29         EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
30                                        fp, NULL, NULL);
31 to read in private key and this seems to work Ok.
32
33 However when I try analogous
34         EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
35                                        fp, NULL, NULL);
36 the program fails with
37
38 error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
39 error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
40
41 I figured that the second argument to PEM_ASN1_read should match the
42 name in my PEM encoded object, hence PEM_STRING_X509.
43 PEM_STRING_EVP_PKEY seems to be somehow magical
44 because it matches whatever private key there happens to be. I could
45 not find a similar constant to use with getting the certificate, however.
46
47 Is my approach of using PEM_ASN1_read correct? What should I pass in
48 as name?  Can I use normal (or even self signed) X509 certificate for
49 verifying the signature?
50
51 When will SSLeay documentation be written ;-)? If I would contribute
52 comments to the code, would Eric take time to review them and include
53 them in distribution?
54
55 I'm using SSLeay-0.6.4. My program is included below along with the
56 key and cert that I use.
57
58 --Sampo
59
60 -----------------------------------
61 /* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
62    29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
63
64 #include <stdio.h>
65 #include "rsa.h"
66 #include "evp.h"
67 #include "objects.h"
68 #include "x509.h"
69 #include "err.h"
70 #include "pem.h"
71 #include "ssl.h"
72
73 void main ()
74 {
75   int err;
76   int sig_len;
77   unsigned char sig_buf [4096];
78   const char certfile[] = "plain-cert.pem";
79   const char keyfile[]  = "plain-key.pem";
80   const char data[]     = "I owe you...";
81   EVP_MD_CTX     md_ctx;
82   EVP_PKEY*      pkey;
83   FILE*          fp;
84
85   SSL_load_error_strings();
86   
87   /* Read private key */
88   
89   fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
90   pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
91                                    PEM_STRING_EVP_PKEY,
92                                    fp,
93                                    NULL, NULL);
94   if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
95   fclose (fp);
96   
97   /* Do the signature */
98   
99   EVP_SignInit   (&md_ctx, EVP_md5());
100   EVP_SignUpdate (&md_ctx, data, strlen(data));
101   sig_len = sizeof(sig_buf);
102   err = EVP_SignFinal (&md_ctx,
103                        sig_buf, 
104                        &sig_len,
105                        pkey);
106   if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
107   EVP_PKEY_free (pkey);
108   
109   /* Read public key */
110   
111   fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
112   pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
113                                    PEM_STRING_X509,
114                                    fp,
115                                    NULL, NULL);
116   if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
117   fclose (fp);
118   
119   /* Verify the signature */
120   
121   EVP_VerifyInit   (&md_ctx, EVP_md5());
122   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
123   err = EVP_VerifyFinal (&md_ctx,
124                          sig_buf,
125                          sig_len,
126                          pkey);
127   if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
128   EVP_PKEY_free (pkey);
129   printf ("Signature Verified Ok.\n");
130 }
131 /* EOF */
132 --------------- plain-cert.pem -----------------
133 -----BEGIN CERTIFICATE-----
134 MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
135 VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
136 bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
137 dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
138 DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
139 EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
140 dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
141 EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
142 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
143 L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
144 BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
145 9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
146 -----END CERTIFICATE-----
147 ---------------- plain-key.pem -----------------
148 -----BEGIN RSA PRIVATE KEY-----
149 MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
150 2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
151 oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
152 8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
153 a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
154 WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
155 6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
156 -----END RSA PRIVATE KEY-----
157 ------------------------------------------------
158