KB,
You don't need to convert DER to PEM.
a) Use d2i_X509_fp(fp,x509) to read DER directly from the file into an X509
struct.
B) EVP_PKEY *pubKey = NULL;
pubKey = X509_get_pubkey(x509);
// make sure pubKey isn't still NULL
C) int status = 0;
status = X509_verify(x509, pubKey);
EVP_PKEY_free(pubKey);
X509_free(x509);
if (vstatus == 1) // success
Gerry
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of k b
Sent: Friday, July 28, 2006 1:55 AM
To: [email protected]
Subject: How to verify signature data with RSA PKCS1
Hi
i'm trying to verify a signature which is a SHA1 hash of some data,
encrypted with private key with PKCS1 padding.
I have a certificate in DER format .
I think there are 2 ways to do this
Approach One :
a) read the x509 using PEM_read_X509(fp, NULL, NULL, NULL), but there's
a problem here
this function only read a PEM format of the certificate, but
i have DER.
how do i convert DER to PEM ? or is there a corresponding
method like
PEM_read_X509 that works on DER ?
b) moving forward, let say i have the X509, how do get the RSA object
from it ?
c) lets assume i get RSA object (from the answer u may suggest). with
which decrypt the signature. using RSA_public_decrypt(int flen, const
unsigned char
*from, unsigned char *to, RSA *rsa,int padding); passing in the
right padding type PKCS1.
d) step 'c' would give me the hash which is would then compare with my
SHA1 hash of data.
Approach TWO :
a) read the x509 using PEM_read_X509(fp, NULL, NULL, NULL), but i run
into the
same problem here as described in approach one step 'a', on how
to convert DER to PER.
b) let say step 'a' is all sorted out. And i have a X509 object in
hand. I
could just call
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char
*mHash,
const EVP_MD *Hash, const unsigned char *EM, int sLen);
but I have question about some on one of the arguments, what
is the 'sLen' here ? can it be null ?
so sum it all. I'll reiterate the question ...
1) How do i get RSA from an X509 object ?
2) How do i convert DER to PEM or is there a corresponding method to
PEM_read_X509
that work on DER ?
3) RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const unsigned char *EM, int sLen);
but I have question about some of the arguments, what is the 'sLen'
here ?
I would appreciate any pointer.
KB
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
