Hi Geoff, Thank you so much for your help, I'm not sure how else I would have been able to resolve this in a timely manner. I was able to utilize your example and get it to work, and even played around substituting files with base64 encoded strings, and that's working as well now.
It looks like in addition to generating the signature incorrectly, I was also ignoring a unix new line character \n in the source file. So, the main culprit then was that I called openssl dgst ... openssl rsautl ... instead of openssl dgst ... -sign ? What is the difference between calling "rsautl" on a previously generated hash - and doing it with dgst in one step? I'm not a crypto specialist as you can see, but trying to understand this better. I'm also curious why your Crypto++ sample code is not calling VerifyMessage(), but instead using the VerifyFilter()? Could I use VerifyMessage() just the same? Thank you so much again, I really appreciate your help & insight. On Wednesday, November 14, 2012 11:57:41 AM UTC-6, Geoff Beier wrote: > > Hi, > > Your approach is producing a very non-standard "signature" that's unlikely > to work with anything else. Here's what you're doing: > > - writing a textual representation of a digest to a file > - using the contents of that file as input to the RSA PKCS#1 v1.5 > signature operation, as if it were a DigestInfo structure > - writing the result of that to a file > - attempting to verify that using crypto++ as if it were a correctly > encoded PSS signature > > If you want to interoperate with, well, anything that's not rsautl, you'll > have to encode the digest before you feed it to the rsa sign operation. The > easiest way to do that in your situation is probably to use the dgst > utility from openssl. > > Here's a simple program that verifies file signatures using crypto++. > Signature algorithm is hardcoded to PKCS#1 v1.5 RSA with SHA-256: > http://pastebin.com/0Ba7Xcve > > Here's a small script that uses openssl to generate a key, sign a file, > verify the file, dump some info about the signature, then verifies it with > the above program: > http://pastebin.com/tji0JPBZ > > HTH, > > Geoff > > > > On Wed, Nov 14, 2012 at 1:42 AM, Wizard Of Oz > <[email protected]<javascript:> > > wrote: > >> Hi, >> >> I'm trying to verify a digital signature which I created (and verified) >> using OpenSSL (on a different host). The digital signature verifies >> correctly via OpenSSL, but I can't, for the life of me, get it to verify it >> in Crypto++. On OpenSSL, I did the following: >> >> openssl dgst -sha1 -out <digest> <input_file> >> openssl rsautl -sign -in <digest> -out <signature> -inkey <key> >> openssl rsautl -verify -in <signature> -out <digest> -inkey <key> -pubin >> >> The digest file looks something like this: >> >> SHA1(license.txt)= 1b9dff5c528f4c17136ff2da1bce5f47b62b54b1 >> >> I also have a signature file which is 128 bytes big. I transferred this >> file via binary mode from the BSD machine (using openssl) to the Windows >> machine (crypto++). >> >> Loading the public key seems to work (it was saved in openssl in "der" >> format), but verification always fails. I'd have to admit that I'm unsure >> how to go about it though. >> >> First, I'm reading the binary signature file into a byte array: >> >> byte sigBuffer[128] = { 0 }; >> >> using fopen/fread >> >> I then create a verifier: >> >> RSASS<PSS, SHA1>::Verifier verifier(keyPub); >> >> and finally verify the message: >> >> bool result = verifier.VerifyMessage( (const byte*) >> message.c_str(), message.length(), sigBuffer, 128); >> >> This always returns false. >> >> Can I just load the signature into a byte array and pass that to the >> VerifyMessage() function? >> >> What do I specify in the message parameter? Do I specify the >> >> * actual source message which is to be verified? I was assuming so, since >> the verifier indicates "SHA1" >> * the SHA1 hash "1b9dff5c528f4c17136ff2da1bce5f47b62b54b1" >> * the string that OpenSSL generated "SHA1(license.txt)= >> 1b9dff5c528f4c17136ff2da1bce5f47b62b54b1" >> >> I've tried just about every combination without success. Any insight >> would be much appreciated! >> >> Thanks. >> >> -- >> You received this message because you are subscribed to the "Crypto++ >> Users" Google Group. >> To unsubscribe, send an email to >> [email protected]<javascript:> >> . >> More information about Crypto++ and this group is available at >> http://www.cryptopp.com. > > > -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
