Quick Question on RSA with SHA256 Signing (What am i missing?)

Aug 4, 2012 at 9:11 PM

I am trying to understand the basics of RSA w/SHA256 hashing. After reading the RFC docs I get the impression RSA-SHA256 works in this order:

FIRST: Hash the data using SHA256 hashing
SECOND: Use the resulting hash output to be encrypted by the RSA algorithm (sign)

So while using PHP I decided to perform a test. I first took regular text, e.g. "Hello World". And then I ran it through the hash() function (to output raw binary using "hash("sha256","Hello World",true);"). Now I used that hashed output and had it signed using RSA (using the openssl tool, i.e. "openssl dgst -sha256 -sign TestPriv.key -out Signed.bin TestHash.bin"). I then used base64 encoding on the signed output to get a displayable result. Note that I created an RSA private key for this signing, and this same private key is used in the next paragraph.

NOW, when I compared the result with a function that performs RSA-SHA256 encryption in one step (e.g. crypto libraries that have a "SHA256WithRSAEncryption" feature) on the same original input data (i.e. "Hello World", using my same private key) and then did a base64 encode on its signed output, I noticed that its result did not match mine from the prior paragraph.

Why is that? Shouldn't the results match perfectly, since from what I gather RSA is first putting the input data through SHA256 and then performing its signing? What I am starting to think is that these libraries that combine the steps are doing more; in other words, it isn't just signing the hashed result but doing more with the hash.

What am i missing?
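The following is an added worked example, not code from the poster or from any library mentioned above. It models the two pipelines described in the question with a toy RSA key and the EMSA-PKCS1-v1_5 encoding from RFC 3447 (which is what "SHA256WithRSAEncryption" names; an RSA-PSS library would differ again, and that is an assumption about the one-step library used). Two things in the model account for the mismatch: "openssl dgst -sha256 -sign" hashes whatever file it is handed, so feeding it an already-hashed file signs SHA-256(SHA-256(m)) rather than SHA-256(m); and a PKCS#1 v1.5 signer never exponentiates the bare 32-byte hash, it wraps the hash in a DER DigestInfo structure and pads it to the modulus length first. The key size, seed, and the "Hello World" input are constructed for the demo; the key generation is deliberately small and is not suitable for real use.

```python
"""Model of SHA256withRSA (PKCS#1 v1.5) versus 'hash first, then openssl dgst -sha256 -sign'.
Toy 512-bit RSA key generated from a fixed seed so the run is reproducible; educational only."""
import hashlib
import hmac
import random

# DER prefix of DigestInfo { algorithm sha256, parameters NULL, digest OCTET STRING (32) }
# from RFC 3447 section 9.2 note 1.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def emsa_pkcs1_v15_encode(digest: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 0x00 0x01 || 0xFF... || 0x00 || DigestInfo(digest)."""
    t = SHA256_DIGESTINFO_PREFIX + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def is_probable_prime(n: int, rng: random.Random, rounds: int = 40) -> bool:
    """Miller-Rabin with trial division by a few small primes first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(cand, rng):
            return cand


def gen_keypair(bits: int = 512, seed: int = 1):
    """Toy RSA key generation; the fixed seed (constructed) makes the demo deterministic."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0 and n.bit_length() == bits:
            break
    return (n, e), (n, pow(e, -1, phi))  # (public, private)


def rsa_sign_pkcs1_v15(priv, digest: bytes) -> bytes:
    """RSASSA-PKCS1-v1_5 signature over an already-computed SHA-256 digest."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_encode(digest, k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def rsa_verify_pkcs1_v15(pub, digest: bytes, sig: bytes) -> bool:
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(digest, k))


def one_step_sign(priv, message: bytes) -> bytes:
    """What SHA256withRSA and 'openssl dgst -sha256 -sign' do to the bytes they are given."""
    return rsa_sign_pkcs1_v15(priv, sha256(message))


def two_step_sign(priv, message: bytes) -> bytes:
    """The poster's pipeline: hash in PHP, then hand the hash file to openssl dgst, which hashes again."""
    return one_step_sign(priv, sha256(message))


def textbook_rsa_sign(priv, digest: bytes) -> bytes:
    """Bare hash raised to d with no DigestInfo and no padding: what 'just sign the hash'
    sounds like, and what no PKCS#1 implementation actually does."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(digest, "big"), d, n).to_bytes(k, "big")


if __name__ == "__main__":
    pub, priv = gen_keypair()
    msg = b"Hello World"
    s1, s2 = one_step_sign(priv, msg), two_step_sign(priv, msg)
    print("one-step == two-step:", s1 == s2)
    print("two-step verifies as a signature over sha256(sha256(msg)):",
          rsa_verify_pkcs1_v15(pub, sha256(sha256(msg)), s2))
```

Running the block shows the one-step signature verifying against SHA-256("Hello World") while the two-step signature only verifies against SHA-256(SHA-256("Hello World")); the bare-hash textbook signature matches neither. To reproduce a library's SHA256withRSA output from the command line, hand openssl dgst the original message file rather than a pre-computed hash, or use an interface that accepts a precomputed digest, such as openssl pkeyutl with the digest type specified.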