1=pod 2 3=head1 NAME 4 5EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm 6 7=head1 SYNOPSIS 8 9 #include <openssl/evp.h> 10 11 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); 12 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, 13 unsigned char *sig, size_t *siglen, 14 const unsigned char *tbs, size_t tbslen); 15 16=head1 DESCRIPTION 17 18The EVP_PKEY_sign_init() function initializes a public key algorithm 19context using key B<pkey> for a signing operation. 20 21The EVP_PKEY_sign() function performs a public key signing operation 22using B<ctx>. The data to be signed is specified using the B<tbs> and 23B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output 24buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then 25before the call the B<siglen> parameter should contain the length of the 26B<sig> buffer, if the call is successful the signature is written to 27B<sig> and the amount of data written to B<siglen>. 28 29=head1 NOTES 30 31EVP_PKEY_sign() does not hash the data to be signed, and therefore is 32normally used to sign digests. For signing arbitrary messages, see the 33L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)> and 34L<EVP_SignInit(3)|EVP_SignInit(3)> signing interfaces instead. 35 36After the call to EVP_PKEY_sign_init() algorithm specific control 37operations can be performed to set any appropriate parameters for the 38operation (see L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>). 39 40The function EVP_PKEY_sign() can be called more than once on the same 41context if several operations are performed using the same parameters. 42 43=head1 RETURN VALUES 44 45EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0 46or a negative value for failure. In particular a return value of -2 47indicates the operation is not supported by the public key algorithm. 48 49=head1 EXAMPLE 50 51Sign data using RSA with PKCS#1 padding and SHA256 digest: 52 53 #include <openssl/evp.h> 54 #include <openssl/rsa.h> 55 56 EVP_PKEY_CTX *ctx; 57 /* md is a SHA-256 digest in this example. */ 58 unsigned char *md, *sig; 59 size_t mdlen = 32, siglen; 60 EVP_PKEY *signing_key; 61 62 /* 63 * NB: assumes signing_key and md are set up before the next 64 * step. signing_key must be an RSA private key and md must 65 * point to the SHA-256 digest to be signed. 66 */ 67 ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); 68 if (!ctx) 69 /* Error occurred */ 70 if (EVP_PKEY_sign_init(ctx) <= 0) 71 /* Error */ 72 if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) 73 /* Error */ 74 if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) 75 /* Error */ 76 77 /* Determine buffer length */ 78 if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) 79 /* Error */ 80 81 sig = OPENSSL_malloc(siglen); 82 83 if (!sig) 84 /* malloc failure */ 85 86 if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) 87 /* Error */ 88 89 /* Signature is siglen bytes written to buffer sig */ 90 91 92=head1 SEE ALSO 93 94L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, 95L<EVP_PKEY_CTX_ctrl(3)|EVP_PKEY_CTX_ctrl(3)>, 96L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, 97L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, 98L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, 99L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, 100L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 101 102=head1 HISTORY 103 104These functions were first added to OpenSSL 1.0.0. 105 106=cut 107