Chapter 7 Public-Key Operations 235
MultiPrime
entry for the AI in use:

    B_ALGORITHM_METHOD *SIGN_SAMPLE_CHOOSER[] = {
      &AM_SHA,                        /* digest method */
      &AM_RSA_CRT_ENCRYPT,            /* RSA private-key operation using CRT */
      (B_ALGORITHM_METHOD *)NULL_PTR  /* list terminator */
    };

Note: If you want to sign using the blinding technique to thwart timing attacks (see Timing Attacks and Blinding on page 95), use AM_RSA_CRT_ENCRYPT_BLIND in the algorithm chooser.

B_SignInit is fast, so it is reasonable to pass a properly cast NULL_PTR for the surrender context:

    if ((status = B_SignInit
         (digitalSigner, privateKey, SIGN_SAMPLE_CHOOSER,
          (A_SURRENDER_CTX *)NULL_PTR)) != 0)
      break;  /* on error, leave the enclosing block */

Step 4: Update

Digest the data to sign with B_SignUpdate, which is described in Chapter 4 of the Reference Manual. Unless there is an extraordinarily large amount of data (for example, one megabyte), this function is quick and a NULL_PTR for the surrender context should be no problem. Assuming you have your input data and you know its length, your call would be the following:

    if ((status = B_SignUpdate
         (digitalSigner, inputData, inputDataLen,
          (A_SURRENDER_CTX *)NULL_PTR)) != 0)
      break;  /* on error, leave the enclosing block */

Step 5: Final

B_SignUpdate digested the data. Encrypt the digest and output the result to a signature buffer with B_SignFinal. The signature will be the same size as the public modulus, so make sure the output buffer is big enough. The Chapter 2 entry of the Reference Manual on AI_SHAWithRSAEncryption states that "You may pass (B_ALGORITHM_OBJ)NULL_PTR for all randomAlgorithm arguments." This function does not return immediately, so a surrender context can be helpful; for this example use the
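
The Note on AM_RSA_CRT_ENCRYPT_BLIND names blinding without showing what it does. The following is an added example, not Crypto-C code and not taken from the manual: textbook RSA blinding wrapped around a CRT private-key operation, with a constructed toy key (p = 61, q = 53, e = 17) and hypothetical function names (rsa_crt, rsa_crt_blind). It makes no claim about how Crypto-C implements the method internally.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key (textbook sizes, far too small for real use). */
enum { P = 61, Q = 53, N = P * Q, E = 17, DP = 53, DQ = 49, QINV = 38 };

/* Square-and-multiply; operands stay below 2^32, so products fit in 64 bits. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Modular inverse by extended Euclid; returns 0 if gcd(a, m) != 1. */
static uint64_t modinv(uint64_t a, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Private-key operation with the Chinese Remainder Theorem (Garner). */
uint64_t rsa_crt(uint64_t m) {
    uint64_t s1 = modpow(m, DP, P), s2 = modpow(m, DQ, Q);
    uint64_t h = QINV * ((s1 + P - s2 % P) % P) % P;
    return s2 + h * Q;
}

/* Blinded variant: the exponentiation sees m * r^E, never m itself, so its
   timing cannot be tied to a known input. r must be fresh, random and secret
   for every signature. Returns 0 if r is not invertible mod N. */
uint64_t rsa_crt_blind(uint64_t m, uint64_t r) {
    uint64_t rinv = modinv(r, N);
    if (rinv == 0) return 0;
    uint64_t blinded = m % N * modpow(r, E, N) % N; /* m' = m * r^E mod N */
    return rsa_crt(blinded) * rinv % N;             /* s = s' * r^-1 mod N */
}

int main(void) {
    uint64_t m = 65; /* stands in for the padded digest; r is fixed for a repeatable run */
    printf("plain=%llu blind=%llu check=%llu\n",
           (unsigned long long)rsa_crt(m),
           (unsigned long long)rsa_crt_blind(m, 1234),
           (unsigned long long)modpow(rsa_crt(m), E, N));
    return 0;
}
```

The blinded and unblinded results are identical and both verify under the public exponent, which is why switching the chooser entry changes the timing profile but not the signature a verifier sees.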