At 06:41 PST on 2015-01-12, Dave Fernande wrote:
> If you use AquaticPrime, unfortunately, it does not generate standard > signatures. It manually hashes and then encrypts using the private key. This > sounds like a normal signature, but it is missing some information stored in > standard PKCS #1 v2.0 signatures. This means that Security.framework WILL NOT > be able to verify an AquaticPrime signature. I don’t use Aquatic Prime, but I may have had the same problem with signatures (keys) created by the Crypt::OpenSSL::RSA Perl module. Specifically, I was told that it was missing the ASN.1 header which is required by Section 9.2 of RFC 3447. In boneheaded desperation, in my Perl script, I simply prepended the appropriate 15-byte ASN.1 header onto the message digest before encrypting, and, amazingly, the Security Transform API verified the resulting signature. I've pushed to github.com my C function for validating RSA signatures with Security Transform, based on Apple’s CryptoCompatibility sample. Now features complete error checking and returns NSError. http://github.com/jerrykrinock/Functions/blob/master/SSY-RSA.h http://github.com/jerrykrinock/Functions/blob/master/SSY-RSA.m Just another way to do it :) _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
