EVP_PKEY_sign.pod 3.1 KB
Newer Older
D
Dr. Stephen Henson 已提交
1 2 3 4
=pod

=head1 NAME

D
Dr. Stephen Henson 已提交
5
EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
D
Dr. Stephen Henson 已提交
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
			unsigned char *sig, size_t *siglen,
			const unsigned char *tbs, size_t tbslen);

=head1 DESCRIPTION

The EVP_PKEY_sign_init() function initializes a public key algorithm
context using key B<pkey> for a signing operation.

The EVP_PKEY_sign() function performs a public key signing operation
using B<ctx>. The data to be signed is specified using the B<tbs> and
B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
before the call the B<siglen> parameter should contain the length of the
B<sig> buffer, if the call is successful the signature is written to
B<sig> and the amount of data written to B<siglen>.

=head1 NOTES

31 32 33 34 35
EVP_PKEY_sign() does not hash the data to be signed, and therefore is
normally used to sign digests. For signing arbitrary messages, see the
L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)> and
L<EVP_SignInit(3)|EVP_SignInit(3)> signing interfaces instead.

D
Dr. Stephen Henson 已提交
36 37
After the call to EVP_PKEY_sign_init() algorithm specific control
operations can be performed to set any appropriate parameters for the
38
operation (see L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>).
D
Dr. Stephen Henson 已提交
39 40 41 42 43 44 45 46 47 48 49 50

The function EVP_PKEY_sign() can be called more than once on the same
context if several operations are performed using the same parameters.

=head1 RETURN VALUES

EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
or a negative value for failure. In particular a return value of -2
indicates the operation is not supported by the public key algorithm.

=head1 EXAMPLE

D
Dr. Stephen Henson 已提交
51 52 53 54 55 56
Sign data using RSA with PKCS#1 padding and SHA256 digest:

 #include <openssl/evp.h>
 #include <openssl/rsa.h>

 EVP_PKEY_CTX *ctx;
57
 /* md is a SHA-256 digest in this example. */
D
Dr. Stephen Henson 已提交
58
 unsigned char *md, *sig;
59
 size_t mdlen = 32, siglen;
D
Dr. Stephen Henson 已提交
60
 EVP_PKEY *signing_key;
61 62 63 64 65

 /*
  * NB: assumes signing_key and md are set up before the next
  * step. signing_key must be an RSA private key and md must
  * point to the SHA-256 digest to be signed.
D
Dr. Stephen Henson 已提交
66
  */
67
 ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */);
D
Dr. Stephen Henson 已提交
68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
 if (!ctx)
	/* Error occurred */
 if (EVP_PKEY_sign_init(ctx) <= 0)
	/* Error */
 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
	/* Error */
 if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
	/* Error */

 /* Determine buffer length */
 if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
	/* Error */

 sig = OPENSSL_malloc(siglen);

 if (!sig)
	/* malloc failure */
 
 if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
	/* Error */

 /* Signature is siglen bytes written to buffer sig */
D
Dr. Stephen Henson 已提交
90 91 92 93 94


=head1 SEE ALSO

L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
95
L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>,
D
Dr. Stephen Henson 已提交
96 97 98
L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
99
L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
D
Dr. Stephen Henson 已提交
100 101 102 103
L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 

=head1 HISTORY

104
These functions were first added to OpenSSL 1.0.0.
D
Dr. Stephen Henson 已提交
105 106

=cut