You need to sign in to do that
Don't have an account?
dclaar
Getting salesforce's crypt to match openssl
Anyone have any ideas on how to get the same results from apex and openssl?
Here's my apex code:
private blob encrypt() {
String algorithmName = 'RSA';
String key = 'MIc' +
'key' +
'mouse=';
Blob privateKey = EncodingUtil.base64Decode(key);
Blob input = Blob.valueOf('Donald Duck');
Blob signature = Crypto.sign(algorithmName, input, privateKey);
return signature;
}
I generated the key as follows:
openssl genrsa -out key.pem openssl pkcs8 -topk8 -nocrypt -in key.pem -outform PEM
and copied the private key into the "MIckeymouse=" key in my apex code.
And here's what I'm trying to do in openssl:
fp = fopen("key.pem","rb"); rsa=PEM_read_RSAPrivateKey(fp,NULL, NULL, NULL); license="Donald Duck"; l_len=strlen(license); s_len=RSA_size(rsa); signature=(char *)malloc(s_len); nid=OBJ_txt2nid("rsa-sha1"); RSA_sign(nid,license,l_len,signature,&s_len,rsa); printf("signature: len=%d, value=%s\n",s_len,base64(signature,s_len));
I can't get them to match. I've also tried plain "rsa" as my nid. This gave different results, but they still didn't match.
OK, so the deal is that salesforce is creating a digest and signing that:
The openssl dgst command gives me the same result. So, although the doc says that it is signing, it is really signing the digest. Sigh.