I am trying to verify a ECDSA signature I have received together with its
public key and the message, but the function VerifyMessage() returns 0 (when
in reality I know it should be verified ok).
The parsed Digital Signature with it's object identifier is:
SEQUENCE :
OBJECT IDENTIFIER : ECDSASignature with SHA-1 [1.2.840.10045.4.1]
NULL :
OCTET STRING :
SEQUENCE : <-- Signature bytes start here (inside OCTET STRING)
INTEGER :
0091C2CBF2B8DEED12C3DA9DCC4AE839EFD66A31281C6D03431F6BA31C
INTEGER :
22D627F4D7C459DD341CB28AB08A6F6FF09B4A6226FB2BD1BD7165EC
The Signature bytes viewed in HEX are:
30 3D 02 1D 00 91 C2 CB F2 B8 DE ED 12 C3 DA 9D
CC 4A E8 39 EF D6 6A 31 28 1C 6D 03 43 1F 6B A3
1C 02 1C 22 D6 27 F4 D7 C4 59 DD 34 1C B2 8A B0
8A 6F 6F F0 9B 4A 62 26 FB 2B D1 BD 71 65 EC
So to validate my tests, I put some code together to sign the message and
then verify its signature. This works ok.
What I noticed as a difference is that the signature format looks quite
different: the original signature I received looks like a sequence with two
integers inside as opposed to the signature I created with crypto++ that
looks like just one large number.
Signature bytes I created in crypto++ viewed in HEX:
2C 57 E9 F3 C2 BB 4E 76 7F 75 C6 C3 78 4B 13 48
A3 1B 9E C4 40 05 54 04 49 5D 5A 48 A8 BF C5 EB
C9 CB B6 A2 90 6F 90 47 41 55 4C D2 68 F4 44 F4
8F 97 83 DF B5 73 E2 59
Note: the public key I created (from the private key that I created) looks
very similar in structure as the public key I received. So I guess that the
length/curve might be similar (secp224r1 or secp224k1).
What could be the structural difference between these 2 signatures? How can
I make it verify in crypto++?
--
View this message in context:
http://www.nabble.com/ECDSA-Signature-problem-t1388840.html#a3731846
Sent from the Crypto++ forum at Nabble.com.
