pfnus wrote:
> Hello everybody,
>
> When Communicator (4.77) called my pkcs11 module during
> C_VerifyRecover,
> after I have decrypted the signature, I found that the padding is
> wrong (not compliant with PKCS1 format). The first and second byte is
> '0', and the third byte is '1', followed by '0xff' until a separator
> '0' again. Under PKCS1,
> this is supposed to be Type 1 format, the 2nd byte should be '1' instead
> of the 3rd byte. Why are the first 2 consecutive bytes zero in this case
> here? This problem always happens under C_VerifyRecover. Anybody have
> any ideas?
>

I'd double check to make sure your bignum library isn't adding the '0' in its decrypt stage. Netscape's internal PKCS #11 module would reject a signature that was 0 - 0 - 1 - ff - ff - ff... rather than 0 - 1 - ff - ff - ff. One good check is what is the length of the decrypted block (128 or 129).

bob
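The length check suggested in the reply above, as an added example that is not part of the original thread or of Netscape's code: it validates a decrypted block against PKCS #1 v1.5 block type 1 and reports separately the case where the block is one byte longer than the modulus because of an extra leading zero. The function names, status codes and the 128-byte modulus used for testing are assumptions made for illustration; the minimum of eight FF bytes comes from PKCS #1.

```c
#include <stddef.h>
#include <string.h>

enum pad_status { PAD_OK = 0, PAD_EXTRA_LEADING_ZERO, PAD_BAD_LENGTH,
                  PAD_BAD_HEADER, PAD_BAD_FILL, PAD_NO_SEPARATOR };

/* Check an RSA-decrypted signature block against PKCS #1 v1.5 block type 1:
 * 00 01 FF..FF 00 <data>, exactly modlen bytes, at least 8 FF bytes.
 * On PAD_OK, *data_off is the offset of the recovered data.
 * (Hypothetical helper, not a PKCS #11 or NSS function.) */
enum pad_status check_type1(const unsigned char *blk, size_t len,
                            size_t modlen, size_t *data_off)
{
    size_t i;

    /* 129 bytes for a 128-byte modulus: the decrypt step prepended a zero. */
    if (len == modlen + 1 && blk[0] == 0x00)
        return PAD_EXTRA_LEADING_ZERO;
    if (len != modlen || modlen < 11)
        return PAD_BAD_LENGTH;
    if (blk[0] != 0x00 || blk[1] != 0x01)
        return PAD_BAD_HEADER;
    for (i = 2; i < len && blk[i] == 0xFF; i++)
        ;                                /* skip the FF fill */
    if (i == len)
        return PAD_NO_SEPARATOR;
    if (blk[i] != 0x00 || i - 2 < 8)     /* wrong fill byte or fill too short */
        return PAD_BAD_FILL;
    *data_off = i + 1;
    return PAD_OK;
}

/* Constructed sample input: a block of `len` bytes that starts with `zeros`
 * zero bytes, then 01, FF fill, a 00 separator and 3 bytes of dummy data. */
size_t make_block(unsigned char *out, size_t len, size_t zeros)
{
    memset(out, 0xFF, len);
    memset(out, 0x00, zeros);
    out[zeros] = 0x01;
    out[len - 4] = 0x00;
    memcpy(out + len - 3, "abc", 3);
    return len;
}
```

A PAD_EXTRA_LEADING_ZERO result points at the decrypt or bignum-to-bytes step rather than at the signer; a PAD_BAD_HEADER result on a block of the correct length does not.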
