[Perl-openssl-users] sign/verify question :

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I'm hoping someone can help me with this- i don't think its  
Crypt::OpenSSL::RSA specific -- i just can't find the spec for the  
algorithm anywhere

I'm using Crypt::OpenSSL::RSA to sign/verify items- all i use are  
generate, sign, verify.

I thought the algorithm was something like

	sub sign { return privatekeyEncrypt( sha1( $text ) ) }

and as such, i expected the signature to be 40characters long ( as  
are sha1 sigs )

instead I get variable length sigs that aren't 'printable', so are  
around 150-200 chars long after i run the result through encode_base64()

i just want to make sure this  is the standard way the RSA algorithm  
works.  with my naiive understanding of RSA and signatures,  i  
expected a signature to be a standard size, as it would be made on a  
digest, not anything larger.  i searched all over for how RSA  
implements signing, but i couldn't find anything of substance, even  
in the openssl docs.

====
		my 	$rsa= Crypt::OpenSSL::RSA->new_private_key($privatekey);
		my 	$signature= encode_base64($rsa->sign($plaintext));

		my 	$rsa= Crypt::OpenSSL::RSA->new_public_key($publickey);
		my 	$works= $rsa->verify( $plaintext , decode_base64($signature) );