Loading doc/apps/pkeyutl.pod +13 −0 Original line number Diff line number Diff line Loading @@ -137,6 +137,19 @@ Unless otherwise mentioned all algorithms support the B<digest:alg> option which specifies the digest in use for sign, verify and verifyrecover operations. The value B<alg> should represent a digest name as used in the EVP_get_digestbyname() function for example B<sha1>. This value is used only for sanity-checking the lengths of data passed in to the B<pkeyutl> and for creating the structures that make up the signature (e.g. B<DigestInfo> in RSASSA PKCS#1 v1.5 signatures). In case of RSA, ECDSA and DSA signatures, this utility will not perform hashing on input data but rather use the data directly as input of signature algorithm. Depending on key type, signature type and mode of padding, the maximum acceptable lengths of input data differ. In general, with RSA the signed data can't be longer than the key modulus, in case of ECDSA and DSA the data shouldn't be longer than field size, otherwise it will be silently truncated to field size. In other words, if the value of digest is B<sha1> the input should be 20 bytes long binary encoding of SHA-1 hash function output. =head1 RSA ALGORITHM Loading Loading
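Review bot: The sentence "otherwise it will be silently truncated to field size" in the new ECDSA/DSA text states the behaviour but not its consequence: a signature made over longer raw input covers only the leading bytes, so different inputs sharing that prefix verify against the same signature. Say so explicitly, and move the closing sentence ("the input should be 20 bytes long binary encoding of SHA-1 hash function output") up next to "will not perform hashing on input data", so the requirement to pass an already computed digest is read before the length details. The RSA wording "can't be longer than the key modulus" is also looser than the preceding sentence, which says the limit depends on the padding mode; with padding the usable length is smaller than the modulus, so word it as an upper bound that padding reduces. For ECDSA and DSA, "field size" should be checked against what the code truncates to; the limit for these algorithms is normally the bit length of the group order. Minor: "passed in to the B<pkeyutl>" reads better as "passed to B<pkeyutl>".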