but what does EVP_PKEY_CTX_set_signature_md do? The sign function EVP_PKEY_sign does not use the md used for creating the hash, which is the input of this function. In the same page is written:
"Similarly, an RSA implementation usually expects additional details to
be set, like the message digest algorithm that the input is supposed to
be digested with, as well as the padding mode"
Why is that? The sign function accepts the input data as is, and by what digest it is created does not matter to the signing, right?
Stef Bon
Tomas Mraz
Jun 11, 2026, 2:32:34 AM
to Stef Bon, openssl-users
Hi Stef,
It really depends on an algorithm. In particular the RSA PKCS#1v1.5
signatures encode the hash algorithm in the signature itself so the
signing operation needs to know the hash algorithm for proper
operation.
to openssl-users, Tomas Mraz, Stef Bon
Ok,
so the signature contains a code about the hash algorithm used?
I did not know that. Ok that explains it.
Since is also written:
"The functions described here can't be used to combine separate algorithms. In particular, neither EVP_PKEY_CTX_set_signature_md(3) nor the OSSL_PARAM parameter "digest" (OSSL_SIGNATURE_PARAM_DIGEST) can be used to combine a signature algorithm with a hash algorithm to process the input."
That the hash algo used is encoded in the signature is not documented.
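
The encoding discussed in this thread, as an added example that is not part of any message above and is not OpenSSL's code: it builds the EMSA-PKCS1-v1_5 block (RFC 8017, section 9.2) that the RSA private-key operation is applied to, and reads the hash algorithm back out of it. The function names and the sample message are assumptions made for illustration.

```python
import hashlib

# DigestInfo DER prefixes from RFC 8017 section 9.2 (hash OID plus headers).
# The last byte of each prefix is the length of the digest that follows.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512-256": bytes.fromhex("3031300d060960864801650304020605000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

def emsa_pkcs1_v15_encode(digest: bytes, md: str, k: int) -> bytes:
    """Return the k-byte block 00 01 FF..FF 00 DigestInfo for a k-byte modulus."""
    prefix = DIGEST_INFO_PREFIX[md]
    if len(digest) != prefix[-1]:
        raise ValueError("digest length does not match the declared hash")
    t = prefix + digest                      # DigestInfo = hash OID + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def identify_md(em: bytes) -> str:
    """Recover the declared hash from a block, as a verifier does after the
    RSA public-key operation."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)               # first zero byte ends the padding
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + prefix[-1]:
            return name
    raise ValueError("unknown DigestInfo")

if __name__ == "__main__":
    # Constructed sample input; k = 256 corresponds to a 2048-bit RSA key.
    digest = hashlib.sha256(b"constructed sample message").digest()
    for md in ("sha256", "sha512-256"):
        em = emsa_pkcs1_v15_encode(digest, md, 256)
        print(md, identify_md(em), em[-len(digest) - 19:].hex())
```

The same 32 digest bytes give two different blocks depending on the declared hash, so the signer has to be told which digest produced its input.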