RSA PKCS#1 signing: differs from OpenSSL's?

Dean Scarff dos at
Wed Dec 5 09:07:13 CET 2007

libgcrypt 1.2.2's gcry_pk_sign appears to fail an equivalence test
with OpenSSL 0.9.6m's RSA_sign(3).

This is based on the output of
<>, which runs without
aborting and demonstrates that the signatures produced are different.
Is this correct libgcrypt behaviour?  I'd have filed a bug but I'm
unsure if I've just misinterpreted the API.

My understanding is that both routines should be doing the same thing:
adding PKCS#1 block 1 padding including the ASN1DER for MD5, then
using the secret key operation to sign the result.  They should
therefore have equivalent output.  I'm also confident that RSA_sign(3)
is correct.


More information about the Gcrypt-devel mailing list