.\"	$OpenBSD: RSA_sign.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
.\"
.Dd $Mdocdate: November 6 2016 $
.Dt RSA_SIGN 3
.Os
.Sh NAME
.Nm RSA_sign ,
.Nm RSA_verify
.Nd RSA signatures
.Sh SYNOPSIS
.In openssl/rsa.h
.Ft int
.Fo RSA_sign
.Fa "int type"
.Fa "const unsigned char *m"
.Fa "unsigned int m_len"
.Fa "unsigned char *sigret"
.Fa "unsigned int *siglen"
.Fa "RSA *rsa"
.Fc
.Ft int
.Fo RSA_verify
.Fa "int type"
.Fa "const unsigned char *m"
.Fa "unsigned int m_len"
.Fa "unsigned char *sigbuf"
.Fa "unsigned int siglen"
.Fa "RSA *rsa"
.Fc
.Sh DESCRIPTION
.Fn RSA_sign
signs the message digest
.Fa m
of size
.Fa m_len
using the private key
.Fa rsa
as specified in PKCS #1 v2.0.
It stores the signature in
.Fa sigret
and the signature size in
.Fa siglen .
.Fa sigret
must point to
.Fn RSA_size rsa
bytes of memory.
Note that PKCS #1 adds meta-data, placing limits on the size of the key
that can be used.
See
.Xr RSA_private_encrypt 3
for lower-level operations.
.Pp
.Fa type
denotes the message digest algorithm that was used to generate
.Fa m .
It usually is one of
.Dv NID_sha1 ,
.Dv NID_ripemd160 ,
or
.Dv NID_md5 ;
see
.Xr OBJ_nid2obj 3
for details.
If
.Fa type
is
.Sy NID_md5_sha1 ,
an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and
no algorithm identifier) is created.
.Pp
.Fn RSA_verify
verifies that the signature
.Fa sigbuf
of size
.Fa siglen
matches a given message digest
.Fa m
of size
.Fa m_len .
.Fa type
denotes the message digest algorithm that was used to generate the
signature.
.Fa rsa
is the signer's public key.
.Sh RETURN VALUES
.Fn RSA_sign
returns 1 on success or 0 otherwise.
.Fn RSA_verify
returns 1 on successful verification or 0 otherwise.
.Pp
The error codes can be obtained by
.Xr ERR_get_error 3 .
.Sh SEE ALSO
.Xr ERR_get_error 3 ,
.Xr objects 3 ,
.Xr rsa 3 ,
.Xr RSA_private_encrypt 3 ,
.Xr RSA_public_decrypt 3
.Sh STANDARDS
SSL, PKCS #1 v2.0
.Sh HISTORY
.Fn RSA_sign
and
.Fn RSA_verify
are available in all versions of SSLeay and OpenSSL.
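Added example, not part of the original manual page and not OpenSSL's own code: a self-contained C model of the PKCS #1 signature block (EMSA-PKCS1-v1_5 encoding) that gets signed with the private key, showing what the meta-data mentioned in DESCRIPTION consists of and why it bounds the key size. The names demo_digest, demo_info, demo_min_key_bytes and demo_emsa_encode are hypothetical, k stands in for RSA_size(rsa), and the strict digest-length check is an assumption of this model.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo prefixes defined by PKCS #1: the "meta-data" put before the digest. */
static const unsigned char SHA1_PREFIX[] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const unsigned char MD5_PREFIX[] = {
    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
    0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };

/* Hypothetical stand-ins for NID_sha1, NID_md5 and NID_md5_sha1. */
enum demo_digest { DEMO_SHA1, DEMO_MD5, DEMO_MD5_SHA1 };

/* Look up prefix and digest length for a type; returns 0 for an unknown type. */
static int demo_info(enum demo_digest t, const unsigned char **p,
                     size_t *p_len, size_t *d_len)
{
    switch (t) {
    case DEMO_SHA1: *p = SHA1_PREFIX; *p_len = sizeof(SHA1_PREFIX); *d_len = 20; return 1;
    case DEMO_MD5: *p = MD5_PREFIX; *p_len = sizeof(MD5_PREFIX); *d_len = 16; return 1;
    case DEMO_MD5_SHA1: *p = NULL; *p_len = 0; *d_len = 36; return 1; /* no identifier */
    }
    return 0;
}

/* Smallest modulus size in bytes that can carry a signature of this type. */
size_t demo_min_key_bytes(enum demo_digest t)
{
    const unsigned char *p; size_t p_len, d_len;
    return demo_info(t, &p, &p_len, &d_len) ? p_len + d_len + 11 : 0;
}

/* Write 00 01 FF..FF 00 || prefix || digest into em[0..k-1]; 1 on success, 0 on error. */
int demo_emsa_encode(enum demo_digest t, const unsigned char *m, size_t m_len,
                     unsigned char *em, size_t k)
{
    const unsigned char *p; size_t p_len, d_len, pad;
    if (m == NULL || em == NULL || !demo_info(t, &p, &p_len, &d_len))
        return 0;
    if (m_len != d_len)            /* digest length must match the declared type */
        return 0;
    if (k < p_len + d_len + 11)    /* 3 framing bytes plus at least 8 bytes of 0xFF */
        return 0;
    pad = k - p_len - d_len - 3;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, pad);
    em[2 + pad] = 0x00;
    if (p_len) memcpy(em + 3 + pad, p, p_len);
    memcpy(em + 3 + pad + p_len, m, m_len);
    return 1;
}
```

In this model the smallest usable modulus is 46 bytes for SHA-1, 45 bytes for MD5 and 47 bytes for the MD5 and SHA1 form without an algorithm identifier.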