demos/sign/sig.txt

   1 From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
   2 Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
   3   (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
   4 Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
   5 Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
   6 Received: by minbne.mincom.oz.au id AA22230
   7   (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
   8 Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
   9 Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
  10 Date: Mon, 30 Sep 1996 01:37:40 +0100
  11 Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
  12 From: Sampo Kellomaki <sampo@neuronio.pt>
  13 To: ssl-users@mincom.com
  14 Cc: sampo@brutus.neuronio.pt
  15 Subject: Signing with envelope routines
  16 Sender: ssl-lists-owner@mincom.com
  17 Precedence: bulk
  18 Status: RO
  19 X-Status: D
  20
  21
  22 I have been trying to figure out how to produce signatures with EVP_
  23 routines. I seem to be able to read in private key and sign some
  24 data ok, but I can't figure out how I am supposed to read in
  25 public key so that I could verify my signature. I use self signed
  26 certificate.
  27
  28 I figured I should use
  29         EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
  30                                        fp, NULL, NULL);
  31 to read in private key and this seems to work Ok.
  32
  33 However when I try analogous
  34         EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
  35                                        fp, NULL, NULL);
  36 the program fails with
  37
  38 error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
  39 error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
  40
  41 I figured that the second argument to PEM_ASN1_read should match the
  42 name in my PEM encoded object, hence PEM_STRING_X509.
  43 PEM_STRING_EVP_PKEY seems to be somehow magical
  44 because it matches whatever private key there happens to be. I could
  45 not find a similar constant to use with getting the certificate, however.
  46
  47 Is my approach of using PEM_ASN1_read correct? What should I pass in
  48 as name?  Can I use normal (or even self signed) X509 certificate for
  49 verifying the signature?
  50
  51 When will SSLeay documentation be written ;-)? If I would contribute
  52 comments to the code, would Eric take time to review them and include
  53 them in distribution?
  54
  55 I'm using SSLeay-0.6.4. My program is included below along with the
  56 key and cert that I use.
  57
  58 --Sampo
  59
  60 -----------------------------------
  61 /* sign-it.cpp  -  Simple test app using SSLeay envelopes to sign data
  62    29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
  63
  64 #include <stdio.h>
  65 #include "rsa.h"
  66 #include "evp.h"
  67 #include "objects.h"
  68 #include "x509.h"
  69 #include "err.h"
  70 #include "pem.h"
  71 #include "ssl.h"
  72
  73 void main ()
  74 {
  75   int err;
  76   int sig_len;
  77   unsigned char sig_buf [4096];
  78   const char certfile[] = "plain-cert.pem";
  79   const char keyfile[]  = "plain-key.pem";
  80   const char data[]     = "I owe you...";
  81   EVP_MD_CTX     md_ctx;
  82   EVP_PKEY*      pkey;
  83   FILE*          fp;
  84
  85   SSL_load_error_strings();
  86
  87   /* Read private key */
  88
  89   fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
  90   pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
  91                                    PEM_STRING_EVP_PKEY,
  92                                    fp,
  93                                    NULL, NULL);
  94   if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
  95   fclose (fp);
  96
  97   /* Do the signature */
  98
  99   EVP_SignInit   (&md_ctx, EVP_md5());
 100   EVP_SignUpdate (&md_ctx, data, strlen(data));
 101   sig_len = sizeof(sig_buf);
 102   err = EVP_SignFinal (&md_ctx,
 103                        sig_buf,
 104                        &sig_len,
 105                        pkey);
 106   if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
 107   EVP_PKEY_free (pkey);
 108
 109   /* Read public key */
 110
 111   fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
 112   pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
 113                                    PEM_STRING_X509,
 114                                    fp,
 115                                    NULL, NULL);
 116   if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
 117   fclose (fp);
 118
 119   /* Verify the signature */
 120
 121   EVP_VerifyInit   (&md_ctx, EVP_md5());
 122   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
 123   err = EVP_VerifyFinal (&md_ctx,
 124                          sig_buf,
 125                          sig_len,
 126                          pkey);
 127   if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
 128   EVP_PKEY_free (pkey);
 129   printf ("Signature Verified Ok.\n");
 130 }
 131 /* EOF */
 132 --------------- plain-cert.pem -----------------
 133 -----BEGIN CERTIFICATE-----
 134 MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
 135 VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
 136 bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
 137 dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
 138 DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
 139 EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
 140 dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
 141 EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
 142 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
 143 L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
 144 BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
 145 9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
 146 -----END CERTIFICATE-----
 147 ---------------- plain-key.pem -----------------
 148 -----BEGIN RSA PRIVATE KEY-----
 149 MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
 150 2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
 151 oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
 152 8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
 153 a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
 154 WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
 155 6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
 156 -----END RSA PRIVATE KEY-----
 157 ------------------------------------------------
 158