Signing a hash: CryptoApi or 3rd party lib, what is better


Post by Julcar »

Hello folks,

I need to sign a sha1 or sha256 hash to create a DKIM signature for my emailing system. Looking for solutions, I found a lot of examples using OpenSSL, but I would not like to bind to an external library as overweight as OpenSSL is, so I was looking for other alternatives.

mbedTLS, wolfSSL: those are embedded libraries with C interfaces, but they do not provide precompiled binaries in order to redistribute the product as a library; they're more intended to be embedded inside the C code of other projects, something very difficult with FreeBasic.

Another alternative is to use the native Windows CryptoAPI, which seems to be powerful enough, although this way I would be killing portability to non-Windows platforms.

I would like to hear (or read) your thoughts and opinions about this.

Regards.

Post by deltarho[1859] »

RSA might do. Two arguments against RSA are the message size limit and speed. RSA 3072-bit, with a security strength of 128-bit, will encrypt a SHA256 hash without issue, and it shouldn't take that long to encrypt a SHA256 hash. I use ECDSA 256, with a security strength of 128-bit, because it is much faster than RSA, but that is via Windows 'Cryptography API: Next Generation', which will not suit you.

I cannot help you further because I only code for Windows.