OpenSSL's rsautl allows signing with a private key. This is without a hash. Then recovering the signed file with a public key.

I've looked at CryptCreateHash/CryptSignHash/CryptHashData but I'm not sure how to do it. I believe those functions will only sign the hash of the data, not the data itself.

Is there any way I can sign with the private key and no hash involved?

Edit: Made necessary changes from jww's recommendations.

StackPointer
  • Don't use `rsa_private_encrypt` and `rsa_public_decrypt`-like functions. Approach signing as signing, and not in terms of things like "encrypt with the private key" (which is ***not*** a valid cryptographic operation). If you want "encrypt with the private key," then you usually want a [Signature Scheme with Recovery](http://www.google.com/search?q="Signature+Scheme+with+Recovery"). – jww Jun 09 '15 at 02:42
  • Understood. I don't refer to them that way, it's how they are referred to in rsautl. https://www.openssl.org/docs/crypto/rsa.html – StackPointer Jun 09 '15 at 02:44
  • Related, see [RSA_public_decrypt and MS Crypto API equivalent](http://stackoverflow.com/q/14527898). – jww Jun 09 '15 at 02:58
  • Thank you. That was helpful. – StackPointer Jun 09 '15 at 03:00
  • OK, I found an example of doing it with OpenSSL command line tools. See [OpenSSL and MS CryptoAPI: different digital signatures](http://stackoverflow.com/q/8572986). But I'm not sure if `openssl dgst -sign` calls `rsa_private_encrypt`. – jww Jun 09 '15 at 03:15
  • Thank you so much. I realized why the call to CryptCreateHash was failing. Your post helped me out a lot. – StackPointer Jun 09 '15 at 03:20
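
The distinction the question and comments turn on, as an added example that is not part of the original thread or of OpenSSL or CryptoAPI: with PKCS#1 v1.5 type 1 padding (assumed here to be what `rsautl -sign` applies by default), signing without a hash pads the data itself, so the public-key operation recovers the data, while hash-then-sign pads a DigestInfo structure and only that comes back. The toy key is constructed from two Mersenne primes for reproducibility, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key from two Mersenne primes so the run is reproducible.
# Special-form primes like these must never be used for a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (141)

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def pad_type1(payload: bytes) -> bytes:
    """Build the signature block 00 01 FF..FF 00 || payload."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload

def unpad_type1(block: bytes) -> bytes:
    """Check the type 1 padding and return the payload behind it."""
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x01" or sep < 10 or set(block[2:sep]) != {0xFF}:
        raise ValueError("bad PKCS#1 type 1 padding")
    return block[sep + 1:]

def private_op(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def public_op(sig: bytes) -> bytes:
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

def sign_raw(data: bytes) -> bytes:
    """No hash: the data itself is padded and signed."""
    return private_op(pad_type1(data))

def recover_raw(sig: bytes) -> bytes:
    """Public-key operation that returns whatever was padded."""
    return unpad_type1(public_op(sig))

def sign_sha256(data: bytes) -> bytes:
    """Hash-then-sign: the padded payload is DigestInfo(SHA-256(data))."""
    return sign_raw(SHA256_PREFIX + hashlib.sha256(data).digest())

if __name__ == "__main__":
    msg = b"constructed sample message"
    print(recover_raw(sign_raw(msg)))            # the data comes back
    print(recover_raw(sign_sha256(msg)).hex())   # only DigestInfo comes back
```

Without a hash the payload is limited to the modulus length minus 11 bytes, which is why `pad_type1` rejects longer input.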
