You're reading from Demystifying Cryptography with OpenSSL 3.0 Discover the best techniques to enhance your network security with OpenSSL 3.0

Product type Paperback

Published in Oct 2022

Publisher Packt

ISBN-13 9781800560345

Length 342 pages

Edition 1st Edition

Languages

Tools

Wireshark

Concepts

Cryptography

Author (1):

Alexei Khlebnikov

Preface

1. Part 1: Introduction

2. Chapter 1: OpenSSL and Other SSL/TLS Libraries FREE CHAPTER

3. Part 2: Symmetric Cryptography

4. Chapter 2: Symmetric Encryption and Decryption

5. Chapter 3: Message Digests

6. Chapter 4: MAC and HMAC

7. Chapter 5: Derivation of an Encryption Key from a Password

8. Part 3: Asymmetric Cryptography and Certificates

9. Chapter 6: Asymmetric Encryption and Decryption

10. Chapter 7: Digital Signatures and Their Verification

11. Chapter 8: X.509 Certificates and PKI

12. Part 4: TLS Connections and Secure Communication

13. Chapter 9: Establishing TLS Connections and Sending Data over Them

14. Chapter 10: Using X.509 Certificates in TLS

15. Chapter 11: Special Usages of TLS

16. Part 5: Running a Mini-CA

17. Chapter 12: Running a Mini-CA

18. Index

19. Other Books You May Enjoy

How to sign programmatically

OpenSSL 3.0 provides the following APIs for digital signatures:

Legacy low-level APIs that consist of functions with algorithm-specific prefixes, such as RSA_, DSA_, and ECDSA_. These APIs have been deprecated since OpenSSL 3.0.
The EVP_PKEY API: This API is not deprecated but is still low level. It is more convenient to use a high-level API.
The EVP_Sign API: This API is high level but has some disadvantages. This API uses the key argument only after the whole input data has been read and hashed. Therefore, if there is a problem with the key, it will be discovered later rather than sooner. Another disadvantage is that this API is inflexible and does not allow you to set signing parameters to PKEY_CTX if the signature algorithm supports them. The OpenSSL documentation does not recommend this API.
The EVP_DigestSign API: This is a high-level API where drawbacks of the EVP_Sign API have been fixed. The OpenSSL documentation recommends...