4

I need some help using OpenSSL to generate a signature of a block of data using C (Windows and Linux). The application has to do with Google authentication. The instructions from Google's documentation are:

"Sign the UTF-8 representation of the input using SHA256withRSA (also known as RSASSA-PKCS1-V1_5-SIGN with the SHA-256 hash function) with the private key obtained from the Google Developers Console. The output will be a byte array."

The private key is a .p12 file containing 1660 bytes of binary data.

Do I use the RSA_sign() API for this? If so am I supposed to hash the data first? Using what key value? I assume the RSA * parameter is supposed to hold the private key? How does it get loaded? I have used the HMAC function to generate a SHA hash, but I'm a bit lost here - any help or sample code would be appreciated. (And yes, I know Google has libraries to do this, but none for C, which I need to use).

Improve this question
0

1 Answer 1

Reset to default
5

You can use RSA_sign to sign the data with SHA256 hash. You can call this

RSA_sign(NID_sha256, digest, digest_len, &sign_buffer, sign_len, rsa_key);

You have calculate SHA256 hash of the data into digest buffer. rsa_key should be initialized.

Since, you have .p12 file, you need to do the following.

Create PKCS12 structure from .p12 file.

PKCS12 * p12 = d2i_PKCS12_fp(fp_to_p12_file, NULL);

Parse the p12 structure to certificate and key.

PKCS12_parse(p12, passphrase, &evp_pkey, &x509_cert, NULL);

It will give EVP_PKEY structure from which you can get RSA structure using EVP_PKEY_get1_RSA or access evp_pkey->pkey.rsa member of the structure.

This should help you to start.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks, this is very helpful. I was trying to test this in Windows DLL, and on the call to d2i_PKCS12_fp() I get a runtime error: "OPENSSL_Uplink(03CE1000,08): no OPENSSL_Applink". Reading up on this error, I gather all I should need to do is include "applink.c" in my project, and call CRYPTO_malloc_init(), which I have done, but it has no effect. Any ideas about this?
Did you try OpenSSL_add_all_algorithms first?
No luck with that - I think the basic problem has to do with the memory model of my dll vs. that used in the OpenSSL libraries, specifically with regard to calling the C runtime library for fopen, fread, etc. If there was a way that I could confine file operations to my code, read the .p12 file myself, and just pass a buffer when creating the PKCS12 structure, that would work, but I don't see any option for that.
@Jeff OpenSSL-Windows Applink was designed (only) to allow an EXE to call OpenSSL DLL; it does not work for a caller in a(nother) DLL. Exactly as you suggest, you can read the file yourself and call d2i_PKCS12 (no suffix). DER routines in OpenSSL have 3 variants: i2d_x to memory and d2i_x from memory, i2d_x_fp d2i_x_fp to and from a FILE*, and i2d_x_bio d2i_x_bio to and from a BIO*. This last gives another option: you can call BIO_new_file to open the file from OpenSSL's zone of the C runtime, d2i_x_bio on that, and BIO_free it; that way doesn't need Applink. ...
... See the manpage for d2i_X509/i2d_X509/etc. It lays out the options for X509; although not consistently documented separately for other types, the same pattern applies to them.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.