On Thu, May 30, 2002 at 03:35:51PM +0200, Hellan,Kim KHE wrote:
>...
> > I have been looking at the RSA_public_decrypt() function, but I'm not quite sure how it works.
> > How can I verify a signature without specifying what was signed in the first place?
> 
> >Public key is normally used to recover the digest of
> >something-to-be-signed and memcmp() it to another one.
> >That is, one needs a hash of a document,
> >not necessarily the document.
> 
> I have looked in the rsautl application, and there they seem to use RSA_public_decrypt() to verify a signature.

Actually, to recover the hash to be memcmp() later

> I have tried to use this function and it does work somehow (not sure exactly what it does though). If I change one bit in the binary blob, the verification (RSA_public_decrypt) fails.

Given a ciphertext change, the padding check would fail on the recovered plaintext.
Well, the padding check is a required step during signature verification.

> RSA_public_decrypt() does return 35 bytes of something that I don't know what is. Maybe a hash and some information about the hash algorithm?
> I don't know how to "decode" this returned binary blob?

One should know the signature details. It's hard to guess what a 35-byte
object is. It's not a SHA1 or MD5 value. My best guess is the 36-byte-long SHA1+MD5
hash specified for SSL client authentication.

How was that signature created?

hope this makes some progress,
Vadim
> 
> TIA,
> Kim
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
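
Added example, not part of the original message and not OpenSSL code: a pure-Python model of the recover-then-compare verification described in the reply (public-key operation, padding check, then comparison of the recovered payload). It assumes, which the thread does not confirm, a PKCS#1 v1.5 signature over SHA-1, whose payload is a 15-byte DER DigestInfo header plus the 20-byte digest; the toy key and the names `sign_sha1`, `public_recover` and `verify_sha1` are constructed for illustration.

```python
import hashlib
import hmac

# Constructed toy key for this example only: two Mersenne primes, NOT a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo header for SHA-1 (PKCS#1 v1.5); 15 bytes + 20-byte digest = 35.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def sign_sha1(message: bytes) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo and apply the private exponent."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def public_recover(signature: bytes) -> bytes:
    """Public-key operation plus type-1 padding check; returns the payload."""
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        raise ValueError("signature out of range")
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)  # first zero byte after the 00 01 header
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("padding check failed")
    return em[sep + 1:]


def verify_sha1(message: bytes, signature: bytes) -> bool:
    """Recover the payload, then compare it with a freshly computed DigestInfo."""
    try:
        recovered = public_recover(signature)
    except ValueError:
        return False
    expected = SHA1_PREFIX + hashlib.sha1(message).digest()
    return hmac.compare_digest(recovered, expected)
```

The comparison step is what binds the signature to a document: the recovered payload alone only shows that the padding was well formed.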