signature verification problem

Mon, 17 May 2004 02:42:09 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

I tried to adapt the sample code from test.cpp to read the
public key and the signed message from a stringSource rather than from a
fileSource, however I seem to be doing something wrong (result is always
an invalid signature), can someone tell me what?

Sourcecode:

#include "cryptlib.h"
#include "filters.h"
#include "base64.h"
#include "files.h"
#include "osrng.h"
#include "pubkey.h"
#include "rsa.h"
#include "sha.h"
#include <iostream>
#include <string>

using namespace std;
using namespace CryptoPP;

int main() {

~  string privkey_fn = "privuser1.key";
~  string message = "blah \n blubb \n blah";
~  string signature = "";
~  string pubkey = "";

~  //This happens somewhere earlier in my code
~  FileSource("pubuser1.key", true,
                     new StringSink(pubkey));


~  //Here I do the signature
~  FileSource privFile(privkey_fn.c_str(), true,
                                new Base64Decoder);
~  RSASSA_PKCS1v15_SHA_Signer priv(privFile);

~  AutoSeededRandomPool rng;

~  StringSource(message, true,
~       new SignerFilter(rng, priv,
          new Base64Encoder(
              new StringSink(signature))));



~  // Here comes the signature verification

~  //Get public key
~  StringSource pubString(pubkey.c_str(), true,
                                   new Base64Decoder);
~  RSASSA_PKCS1v15_SHA_Verifier pub(pubString);

~  //Get signature
~  StringSource sigString(signature.c_str(), true,
                                 new Base64Decoder);
~ if (sigString.MaxRetrievable() != pub.SignatureLength()) {
~   cerr << "Invalid signature length\n";
}
~ SecByteBlock sig(pub.SignatureLength());
~ sigString.Get(sig, sig.size());

~ //Get signed text
~ VerifierFilter *verifierFilter = new VerifierFilter(pub);
~ verifierFilter->Put(sig, pub.SignatureLength());
~ StringSource f(message, true, verifierFilter);

~ if (!(verifierFilter->GetLastResult())) {
~   cerr << "Invalid signature\n";
~ } else {
~   cerr << "none\n";
~ }
};


Thank you in advance,

Ludwig


- --
Ludwig Seitz,
PhD student, LIRIS INSA-Lyon, France.
For contact information see my homepage at http://liris.cnrs.fr/~lseitz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAqIodvkfWH3neoacRAj6zAKCJDDdRLhtTpuQr7sP3yoFDGItrUwCfUG3/
w4IlddM5O0+/y1GlT8CxLQE=
=km+E
-----END PGP SIGNATURE-----

Reply via email to