In the last line use the Integer::Encode function rather than DEREncode. Pass the expected signature length to Encode(), which should be privkey.GetModulus().ByteCount(). RSA signatures are typically not DER encoded, they're just encoded "raw" as a big-endian array of bytes.
On Thu, Jul 24, 2003 at 11:08:43AM +0200, [EMAIL PROTECTED] wrote: > Thank you for your answer but, I'm sorry, my question was very badly asked. > > What I want to do is to perform just the second step of a RSA signature > generation : encrypting a hashcode (generated by another mean, let's say for > example I have a SHA-1 digest of 20 bytes) with a private RSA key. In PKCS > this operation is called RSASP1(private key, message representative). > Basically I think I just need to compute m**d mod n, where (n,d) is the > private RSA key, but I can't find a way to do this directly with CrytoPP > without using a RSA Signer class. RSAES_PKCS1v15_Encryptor is not more > useful since it uses a public key. > Do I have to use InvertibleRSAFunction.CalculateInverse() ? I tried the > following code, which seems wrong because the signature length is said to be > incorrect when verifying : > > RSA::PrivateKey privkey; > FileSource PrivKeyFile(PrivKeyFilename, true, new HexDecoder); > privkey.Load( PrivKeyFile); > > // byte * pHashData pointing to the hashcode > > Integer IHash( pHashData , HashLength ); > std::string str ; > AutoSeededRandomPool rng; > privkey.CalculateInverse(rng, IHash).DEREncode( HexEncoder(new > StringSink(str) )); > > I'm not sure about the use of the Integer, neither about CalculateInverse... > Thanks in advance for any help. > > Regards, > C�dric > > > -----Message d'origine----- > De: Jens Peter Secher [mailto:[EMAIL PROTECTED] > Date: mardi 22 juillet 2003 11:13 > �: [EMAIL PROTECTED] > Objet: Re: Encipher short string with private key > > > [EMAIL PROTECTED] writes: > > > BTW, can anyone tell me how to encipher a short string with a *private* > key > > Look at the Rabin and RW tests in validate2.cpp (only Crypto++ version > 5.1). For these algorithms, the size of the signature from which one > can recover a message is > > min { m + 2h + 16 , k } bits > > where m = message bits, h = hash bits, and k = key size in bits. So if > you want very small signatures, you need to use small keys and small > hash functions. > -- > Jens Peter Secher > _jpsecher get2net dk DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1_
