Has anybody tried to verify under NSS the signature of data signed under OpenSSL and vice versa? Assuming the same RSA public key (modulus and public exponent) and the same signature algorithm (RSA signature with PKCS#1 padding and SHA-1 message digest), we should be able to sign a buffer of unsigned characters using calls from one library and verify the signature using calls from the other library, right?
I tried signing some data under OpenSSL and verifying the signature under NSS, but it didn't seem to work. Here is what I did:
1) generated an RSA key pair with RSA_generate_keys()
2) computed the message digest a string of unsigned characters with sha1()
3) signed the digest with RSA_sign(). The message digest type I specified was NID_sha1.
4) wrote the RSA public key to a buffer in ther DER format with i2d_RSAPublicKey
5) copied the buffer containing the DER public key in a NSS SECItem object
6) used that pbject to obtain a SECKEYPublicKey object with SECKEY_ImportDERPublicKey()
7) used the public key, the digest of the original data and the signature produced by RSA_sign to verify the signature with VFY_VerifyDigest()
The SECOidAlg tag I used with VFY_VerifyDigest() was SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION.
VFY_VerifyDigest return something other than SECSuccess.
I didn't specify a wincx with VFY_VerifyDigest, I passed NULL instead of the pointer.
Does anybody have any ideas? I can post my code if anybody wants to look at it...
Thank you,
Peter
P.S. What is the status of the netscape.public.mozzilla.crypto mailing list? Is it officially closed? The posting from the administrator said that we would receive an invitation to join this mailing list, but no such invitation arrived.
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
