Hello folks,
I need to sign a sha1 or sha256 hash to create a DKIM signature for my emailing system. Looking for solutions I found a lot of examples using OpenSSL, but I would not like to bind to a so overweighted external library as OpenSSL is, so I was looking for other alternatives.
embedTLS, wolfSSL, those are embed libraries with C interfaces, but does not provide precompiled binaries in order to redistribute the product as a library, they're more intended to be embeded inside the C code of other projects, something very difficult with FreeBasic.
Another alternative is to use Native Windows' CryptoApi, whichs seems to be enough powerful, although this way I would be killing portability with non-Windows platforms.
I would like to hear (or read) your thoughs and opinions about this.
Regards.
Signing a hash: CryptoApi or 3rd party lib, what is better
-
- Posts: 4315
- Joined: Jan 02, 2017 0:34
- Location: UK
- Contact:
Re: Signing a hash: CryptoApi or 3rd party lib, what is better
RSA might do. Two arguments against RSA is the size of message limit and speed. RSA 3072-bit, with a security strength of 128-bit, will encrypt a SHA256 hash without issue, and it shouldn't take that long to encrypt a SHA256 hash. I use ECDSA 256, with a security strength of 128-bit, because it is much faster than RSA, but that is via Windows 'Cryptography API: Next Generation' which will not suit you.
I cannot help you further because I only code for Windows.
I cannot help you further because I only code for Windows.