I did some more investigation on this and this is what I found:
The Digital Signature I received is in ASN1 as an ECDSA-Sig-Value, where
ECDSA-Sig-Value is defined in ANS X9.62 as:

    ECDSA-Sig-Value ::= SEQUENCE
    {
        r INTEGER,
        s INTEGER
    }

So, the signature I received is:

    SEQUENCE :     <-- Signature bytes start here (inside OCTET STRING)
      INTEGER : 0091C2CBF2B8DEED12C3DA9DCC4AE839EFD66A31281C6D03431F6BA31C   <--- r
      INTEGER : 22D627F4D7C459DD341CB28AB08A6F6FF09B4A6226FB2BD1BD7165EC     <--- s

Using OpenSSL I could load the signature into an ECDSA_SIG structure and then
successfully verify it, like:

    /* "signature" is the bytes from the ECDSA-Sig-Value DER file */
    /* "kpub" is the bytes from the public key in DER */
    EVP_PKEY *evpkey = NULL;
    evpkey = d2i_PUBKEY(NULL, &kpub, kpubLen);
    ECDSA_SIG *sig = d2i_ECDSA_SIG(NULL, &signature, signatureLen);
    /* returns 1 if the signature is valid, 0 if it is not, -1 on error */
    ret = ECDSA_do_verify(message, messageLen, sig, evpkey->pkey.ec);

Now on crypto++, it seems like the function VerifyMessage() is expecting the
signature not to be in the ECDSA-Sig-Value DER format. From some code I
found (validat2_8.cpp, in the ValidateECDSA() function) it seems like the
signature is the concatenation of the bytes r+s.
I tried to concatenate them, but could not make it work.
Can someone help me out with the format of the signature expected by
VerifyMessage()?
How can I convert from ECDSA-Sig-Value DER bytes into what VerifyMessage()
expects?
Do I have to reverse the bytes somehow before concatenating r+s?
Thank you.
--
View this message in context:
http://www.nabble.com/ECDSA-Signature-problem-t1388840.html#a3765058
Sent from the Crypto++ forum at Nabble.com.
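
The conversion asked about above, as an added example (not part of the original post and not Crypto++'s own code): Crypto++'s ECDSA verifier takes r and s as two fixed-width big-endian values concatenated (the IEEE P1363 layout), so each DER INTEGER has its 0x00 sign byte removed and is left-padded to the field width, with no byte reversal. The names `Bytes`, `readLen`, `readInt` and `derToFixed` are hypothetical, and the width is an input the caller supplies from the curve (the post does not name the curve; the 28-byte length of s suggests a width of 28).

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>
typedef std::vector<uint8_t> Bytes;

// Read a DER length at der[pos] (short form, or long form of 1-2 bytes).
static size_t readLen(const Bytes& der, size_t& pos) {
    if (pos >= der.size()) throw std::runtime_error("truncated length");
    size_t len = der[pos++];
    if (len < 0x80) return len;
    size_t n = len & 0x7f;
    if (n == 0 || n > 2 || pos + n > der.size()) throw std::runtime_error("bad length");
    for (len = 0; n > 0; --n) len = (len << 8) | der[pos++];
    return len;
}

// Append one INTEGER to out as exactly `width` big-endian bytes.
static void readInt(const Bytes& der, size_t& pos, size_t width, Bytes& out) {
    if (pos >= der.size() || der[pos++] != 0x02) throw std::runtime_error("expected INTEGER");
    size_t len = readLen(der, pos);
    if (len == 0 || len > der.size() - pos) throw std::runtime_error("bad INTEGER length");
    if (der[pos] & 0x80) throw std::runtime_error("negative INTEGER");
    // DER prepends 0x00 when the value's top bit is set; it is not part of r or s.
    while (len > 1 && der[pos] == 0x00) { ++pos; --len; }
    if (len > width) throw std::runtime_error("INTEGER wider than field");
    out.insert(out.end(), width - len, uint8_t(0));  // left-pad short values
    out.insert(out.end(), der.begin() + pos, der.begin() + pos + len);
    pos += len;
}

// width: byte length of the curve's subgroup order (assumption: the caller knows the curve).
Bytes derToFixed(const Bytes& der, size_t width) {
    size_t pos = 0;
    if (der.empty() || der[pos++] != 0x30) throw std::runtime_error("expected SEQUENCE");
    size_t seqLen = readLen(der, pos);
    if (seqLen != der.size() - pos) throw std::runtime_error("SEQUENCE length mismatch");
    Bytes out;
    readInt(der, pos, width, out);  // r
    readInt(der, pos, width, out);  // s
    if (pos != der.size()) throw std::runtime_error("trailing data");
    return out;
}

int main() {
    // Constructed input: r = 0x91C2 (stored with a sign byte), s = 0x05, width 2.
    const Bytes der = {0x30, 0x08, 0x02, 0x03, 0x00, 0x91, 0xC2, 0x02, 0x01, 0x05};
    for (uint8_t b : derToFixed(der, 2)) std::printf("%02X", b);  // prints 91C20005
    std::printf("\n");
}
```

The returned buffer and its length (2 * width) are what would be handed to VerifyMessage() as the signature and signature length.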