Using CALG_SSL3_SHAMD5 in CryptCreateHash and then calling CryptSetHashParam and then calling CryptSignHash did the job for me.
Let me clarify the requirement: As a rule, I provided the private key, using EVP_PKEY, to the OpenSSL function so that it could execute the signing part. I used to extract the secret key from the Windows certificate store (when the key is marked as exportable). But in one scenario, the private key is not marked as exportable, and I could not get the private key for EVP_PKEY. Thus, I modified the OpenSSL code so that, when the private key is not available, the signing part is implemented using CryptoAPI (since CryptoAPI allows signing using such a non-exportable key).
So, in my case, the data is completely hashed by OpenSSL (using the md5-sha1 hash). The only thing left for me is to sign.
So, the following signing steps completed the task:

1. Created a hash using the certificate key handle provider and the CALG_SSL3_SHAMD5 algorithm.
2. Using CryptSetHashParam, I set the initial hash value.
3. Signed the hash using CryptSignHash.
4. After that, reversed the byte order (as the OpenSSL signature is big-endian, as mentioned [here][1], which I found after lots of experimenting).
The rest of the OpenSSL code seems pleased with this signature.
doptimusprime
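The four steps above as a C sketch, added here as an example and not the answer author's code. The helper names `capi_sign_md5sha1` and `reverse_bytes` are hypothetical, and `prov` and `key_spec` are assumed to come from `CryptAcquireCertificatePrivateKey` on the certificate whose key is not exportable.

```c
#include <stddef.h>
#include <stdio.h>

/* CryptSignHash returns the signature little-endian; OpenSSL wants it
 * big-endian, so the buffer is reversed in place (step 4). */
void reverse_bytes(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len / 2; i++) {
        unsigned char t = buf[i];
        buf[i] = buf[len - 1 - i];
        buf[len - 1 - i] = t;
    }
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

/* Hypothetical helper. digest = 36-byte MD5||SHA-1 value already computed
 * by OpenSSL. On entry *sig_len is the buffer size; on success it is the
 * signature length. Returns 1 on success, 0 on failure (see GetLastError). */
int capi_sign_md5sha1(HCRYPTPROV prov, DWORD key_spec,
                      const unsigned char digest[36],
                      unsigned char *sig, DWORD *sig_len)
{
    HCRYPTHASH hash = 0;
    int ok = 0;

    if (!CryptCreateHash(prov, CALG_SSL3_SHAMD5, 0, 0, &hash))   /* step 1 */
        return 0;
    if (CryptSetHashParam(hash, HP_HASHVAL, digest, 0) &&        /* step 2 */
        CryptSignHash(hash, key_spec, NULL, 0, sig, sig_len)) {  /* step 3 */
        reverse_bytes(sig, *sig_len);                            /* step 4 */
        ok = 1;
    }
    CryptDestroyHash(hash);
    return ok;
}
#endif

int main(void)
{
    unsigned char demo[4] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed sample */
    reverse_bytes(demo, sizeof demo);
    printf("%02x%02x%02x%02x\n", demo[0], demo[1], demo[2], demo[3]);
    return 0;
}
```

The CryptoAPI part compiles only on Windows; elsewhere only the byte-reversal helper is built.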