Hi, This makes sense now. Thanks for the links on the pipelining, this helped explain this much better. I was able to use the VerifyMessage just the same as well.
Thanks again for all your help. On Wednesday, November 14, 2012 1:55:14 PM UTC-6, Geoff Beier wrote: > > > > On Wed, Nov 14, 2012 at 2:00 PM, Wizard Of Oz > <[email protected]<javascript:> > > wrote: > >> ? What is the difference between calling "rsautl" on a previously >> generated hash - and doing it with dgst in one step? I'm not a crypto >> specialist as you can see, but trying to understand this better. >> >> rsautl in sign mode just pads whatever input it receives and encrypts it > using the *private* key so that anyone with the *public* key can decrypt > it. When things are working right, this input is a digest, the verifying > party calculates the same digest, and compares the two. > > dgst in sign mode calculates the digest and formats it the way anything > processing pkcs#1v1.5 data will expect, then does the same thing as rsautl. > > You could of course imitate the process using the intermediate digest > file, but you'll need to format it properly. Here's an example of how to do > so, but I'd advise just using dgst :-) > > http://pastebin.com/GVRGn01q > > That's mainly interesting as an exercise in fooling around with openssl's > asn1parse tool (and understanding the structure of the signature), not for > getting things done. > > > I'm also curious why your Crypto++ sample code is not calling >> VerifyMessage(), but instead using the VerifyFilter()? Could I use >> VerifyMessage() just the same? >> >> Because that's what I had sitting around on my drive? It's the same > reason i hardcoded to SHA256 also. The reason I had that around as opposed > to VerifyMessage() is that I frequently use sources, sinks and filters. The > SignatureVerificationFilter class is much more convenient in that case. > VerifyMessage() should work just the same if you've already got your data > in arrays of bytes. > > http://www.cryptopp.com/wiki/Pipelining > > is a good read to get an idea why I might prefer the filter. > > Geoff > -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
