EVP_PKEY_sign(3)                     OpenSSL                    EVP_PKEY_sign(3)

NAME
       EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm

SYNOPSIS
        #include <openssl/evp.h>

        int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
        int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
                          unsigned char *sig, size_t *siglen,
                          const unsigned char *tbs, size_t tbslen);

DESCRIPTION
       The EVP_PKEY_sign_init() function initializes a public key algorithm
       context using key pkey for a signing operation.

       The EVP_PKEY_sign() function performs a public key signing operation
       using ctx. The data to be signed is specified using the tbs and tbslen
       parameters. If sig is NULL then the maximum size of the output buffer
       is written to the siglen parameter. If sig is not NULL then before the
       call the siglen parameter should contain the length of the sig buffer;
       if the call is successful the signature is written to sig and the
       amount of data written to siglen.

NOTES
       EVP_PKEY_sign() does not hash the data to be signed, and therefore is
       normally used to sign digests. For signing arbitrary messages, see the
       EVP_DigestSignInit(3) and EVP_SignInit(3) signing interfaces instead.

       After the call to EVP_PKEY_sign_init(), algorithm-specific control
       operations can be performed to set any appropriate parameters for the
       operation (see EVP_PKEY_CTX_ctrl(3)).

       The function EVP_PKEY_sign() can be called more than once on the same
       context if several operations are performed using the same parameters.

RETURN VALUES
       EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 or
       a negative value for failure. In particular a return value of -2
       indicates the operation is not supported by the public key algorithm.

EXAMPLE
       Sign data using RSA with PKCS#1 padding and SHA256 digest:

        #include <openssl/evp.h>
        #include <openssl/rsa.h>

        EVP_PKEY_CTX *ctx;
        /* md is a SHA-256 digest in this example. */
        unsigned char *md, *sig;
        size_t mdlen = 32, siglen;
        EVP_PKEY *signing_key;

        /*
         * NB: assumes signing_key and md are set up before the next
         * step. signing_key must be an RSA private key and md must
         * point to the SHA-256 digest to be signed.
         */
        ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
        if (!ctx)
               /* Error occurred */
        if (EVP_PKEY_sign_init(ctx) <= 0)
               /* Error */
        if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
               /* Error */
        if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
               /* Error */

        /* Determine buffer length */
        if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
               /* Error */

        sig = OPENSSL_malloc(siglen);

        if (!sig)
               /* malloc failure */

        if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
               /* Error */

        /* Signature is siglen bytes written to buffer sig */

SEE ALSO
       EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl(3), EVP_PKEY_encrypt(3),
       EVP_PKEY_decrypt(3), EVP_PKEY_verify(3), EVP_PKEY_verify_recover(3),
       EVP_PKEY_derive(3)

HISTORY
       These functions were first added to OpenSSL 1.0.0.

1.0.1u                              2016-09-22                  EVP_PKEY_sign(3)