[xmlsec] RSASSA-PKCS1-v1_5 in OpenSSL/XML Security Library

Szabó Áron aron at ik.bme.hu
Thu Jun 16 01:18:35 PDT 2005


Dear Members,

I've read through manuals of OpenSSL and XML Security Library (as it was
recommended by Rich and Dmitry at OpenSSL mailing list), but I haven't found
anything about the supportation of RSASSA-PKCS1-v1_5 algorithm (as it is
required by W3C XML-Signature Syntax and Processing and IETF RFC 3275 as
xmldsig#rsa-sha1).

In OpenSSL (RSA_sign function in rsa.h) RSA_padding_add_PKCS1_type_1 flag is
described as EMSA-PKCS1-v1_5 but PKCS#1 (IETF RFC 2437) describes that
"RSASSA-PKCS1-v1_5 combines the RSASP1 and RSAVP1 primitives with the
EMSA-PKCS1-v1_5 encoding method".

Generating C14N canonicalized data, and SHA-1 digest works well for me, but
my SignatureValue is not correct (using "sha1 -sign" or "rsautl -sign -pkcs"
functions of OpenSSL), therefore I think that some parameter or flag is not
set, when I create signature (maybe I get EMSA-PKCS1-v1_5 signature as
default? I don't know...). Could you tell me exactly what I should put into
the command line to get RSASSA-PKCS1-v1_5 signature?

Thanks in advance!
Best regards,
Aron

----------------------------------------------------
Aron Szabo, M. Sc.
Research Associate,
Center of Information Technology
Budapest University of Technology and Economics




More information about the xmlsec mailing list