000023100 - BSAFE and OpenSSL don't produce the same signature with the same input and algorithms

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000023100
Applies To: OpenSSL, Crypto-C ME
Issue: BSAFE and OpenSSL don't produce the same signature with the same input and algorithms: RSA and SHA1
Cause: OpenSSL refers to the RSA + SHA1 signature algorithm by the OIW OID. Crypto-C ME and other RSA toolkits use the PKCS OID, which is quite different. Since this OID is part of the data that is encrypted with the signer's private key, using a different OID will create a different-looking signature.
Notes: Since both OIDs are widely recognized, OpenSSL and BSAFE will still be able to verify the signatures produced by the other library, even though they don't look the same.
Legacy Article ID: a39108
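
The effect described under Cause and Notes, as an added example that is not code from the article, BSAFE or OpenSSL: the same key and message signed with two different OIDs in the PKCS #1 v1.5 DigestInfo give different signature bytes, and a verifier that accepts either OID validates both. Assumptions: the article does not spell out the two OIDs, so 1.3.14.3.2.26 (OIW arc) and 1.2.840.113549.1.1.5 (PKCS arc) stand in for them; the key is a constructed toy key and all function names are hypothetical.

```python
import hashlib
import hmac

# Assumed OIDs (not named in the article), one from each arc.
OIW_OID = "1.3.14.3.2.26"           # OIW id-sha1
PKCS_OID = "1.2.840.113549.1.1.5"   # PKCS #1 sha1WithRSAEncryption

# Constructed toy key built from two Mersenne primes: demonstration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8       # modulus length in bytes

def der_oid(dotted):
    """DER-encode a dotted OID string (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:           # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def digest_info(oid, msg):
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier { oid, NULL }, OCTET STRING sha1 }"""
    alg = der_oid(oid) + b"\x05\x00"
    alg = bytes([0x30, len(alg)]) + alg
    dig = b"\x04\x14" + hashlib.sha1(msg).digest()
    return bytes([0x30, len(alg) + len(dig)]) + alg + dig

def encode(oid, msg):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo."""
    t = digest_info(oid, msg)
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(oid, msg):
    return pow(int.from_bytes(encode(oid, msg), "big"), D, N).to_bytes(K, "big")

def verify(sig, msg, accepted=(OIW_OID, PKCS_OID)):
    """Recover the block and compare it with a fresh encoding for each accepted OID."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return any(hmac.compare_digest(em, encode(oid, msg)) for oid in accepted)
```

Passing a single-entry `accepted` tuple to `verify` shows the interoperability failure that would occur if a verifier recognized only one of the two OIDs.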
