Question

I am trying to implement Digital Signature (PKCS7) capability using OpenSSL (version 1.0.1).

I am relatively new to this.

Using the APIs: PKCS7_sign and PKCS7_verify, I don't know how to set a particular digest and/or encryption algorithm for signing.

PKCS7_sign in turn calls PKCS7_sign_add_signer, whose 4th parameter, which represents the digest identifier, has been hard-coded as NULL. This means that the default digest algorithm will be used.

So my questions are:

1) What are the digest and encryption algorithms that are used by default?

2) Is there any way to set these defaults? How can that be done?

3) Suppose I sign some data and send it to another party. How will it know the default algorithms used in the signing? [Answered]

Solution

The default digest algorithm is SHA-1, per the OpenSSL documentation.

The "default" algorithm used for signing is determined by the type of key present in the x509 certificate you pass in for the signkey parameter. Generally speaking, this is going to be an RSA key, but it can also be a DSA key.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow