Hi,
I'm trying to verify a digital signature which I created (and verified)
using OpenSSL (on a different host). The digital signature verifies
correctly via OpenSSL, but I can't, for the life of me, get it to verify
in Crypto++. On OpenSSL, I did the following:

    openssl dgst -sha1 -out <digest> <input_file>
    openssl rsautl -sign -in <digest> -out <signature> -inkey <key>
    openssl rsautl -verify -in <signature> -out <digest> -inkey <key> -pubin

The digest file looks something like this:

    SHA1(license.txt)= 1b9dff5c528f4c17136ff2da1bce5f47b62b54b1

I also have a signature file which is 128 bytes big. I transferred this
file via binary mode from the BSD machine (using openssl) to the Windows
machine (crypto++).
Loading the public key seems to work (it was saved in openssl in "der"
format), but verification always fails. I'd have to admit that I'm unsure
how to go about it though.
First, I'm reading the binary signature file into a byte array:

    byte sigBuffer[128] = { 0 };

using fopen/fread

I then create a verifier:

    RSASS<PSS, SHA1>::Verifier verifier(keyPub);

and finally verify the message:

    bool result = verifier.VerifyMessage( (const byte*) message.c_str(),
                                          message.length(), sigBuffer, 128);

This always returns false.
Can I just load the signature into a byte array and pass that to the
VerifyMessage() function?
What do I specify in the message parameter? Do I specify the
  * actual source message which is to be verified? I was assuming so,
    since the verifier indicates "SHA1"
  * the SHA1 hash "1b9dff5c528f4c17136ff2da1bce5f47b62b54b1"
  * the string that OpenSSL generated
    "SHA1(license.txt)= 1b9dff5c528f4c17136ff2da1bce5f47b62b54b1"
I've tried just about every combination without success. Any insight would
be much appreciated!
Thanks.
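The signing step described in the post above, worked through as an added example (not part of the original message, and not Crypto++ or OpenSSL code): `openssl rsautl -sign` applies PKCS#1 v1.5 type-1 padding to its input exactly as given, so the block recovered with the public key holds the digest file's text, with no DigestInfo, and the first structural check of a PSS verifier rejects it. The toy key built from two Mersenne primes, the function names and the sample digest-file bytes are constructed for illustration.

```python
# Added illustration: toy key and sample input are constructed, not from the post.
P, Q = 2**521 - 1, 2**607 - 1       # two Mersenne primes; toy key, never for real use
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# Constructed stand-in for the text file written by `openssl dgst -sha1 -out`.
DIGEST_FILE = b"SHA1(license.txt)= 1b9dff5c528f4c17136ff2da1bce5f47b62b54b1\n"
# DER prefix of a SHA-1 DigestInfo (RFC 8017, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def rsautl_style_sign(data: bytes) -> bytes:
    """Pad `data` as a PKCS#1 v1.5 type-1 block and apply the private key.
    The input is signed as given: no hashing, no DigestInfo wrapper."""
    if len(data) > K - 11:
        raise ValueError("data too long for modulus")
    em = b"\x00\x01" + b"\xff" * (K - 3 - len(data)) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def recover_block(sig: bytes) -> bytes:
    """Public-key operation: returns the encoded block the signer padded."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


def pss_trailer_ok(em: bytes) -> bool:
    """EMSA-PSS-VERIFY rejects any block whose last octet is not 0xBC."""
    return em[-1] == 0xBC


def classify_v15(em: bytes):
    """Parse a type-1 block; say whether the payload is raw or a DigestInfo."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or set(em[2:sep]) != {0xFF}:
        return "not-pkcs1v15", b""
    payload = em[sep + 1:]
    if payload.startswith(SHA1_DIGESTINFO) and len(payload) == 35:
        return "pkcs1v15-digestinfo-sha1", payload[15:]
    return "pkcs1v15-raw", payload


def demo():
    em = recover_block(rsautl_style_sign(DIGEST_FILE))
    kind, payload = classify_v15(em)
    return kind, payload, pss_trailer_ok(em)


if __name__ == "__main__":
    print(demo())
```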