On Sun, Feb 09, 2003, Ken Murchison wrote: > > > Nils Larsch wrote: > > > > Ken Murchison wrote: > > > What is the correct way to convert a DSA key struct into a u_char buffer > > > for use with EVP_VerifyFinal()? Is there a generic way to do this > > > regardless of the signature key algorithm? The value of the EVP > > > interface seems lost if I have to call different key preparation > > > functions depending on algorithm used for the signature. > > > > EVP_VerifyFinal() expects the public key in a EVP_PKEY structure, > > so why do you want to convert the key into a unsigned char buffer ? > > Perhaps I misunderstood you, so what do you have and what do you > > want to have ? > > Sorry, I misspoke. EVP_VerifyFinal() expects the _signature_ as a > u_char buffer. How do I convert a DSA_SIG structure into a u_char > buffer? For RSA sigs, I just convert the signature value using > BN_bn2bin() (with padding if the length of the sig value < length of > modulus). >
Well one standard for DSA signatures (used by certificates, S/MIME, TLS et al) encodes the signature as the DER encoding of a Dss-Sig-Value structure. Anything following that standard can just feed it directly into EVP_VerifyFinal(). If the format used isn't of that form then you can populate the DSA_SIG structure (which is the same as for Dss-Sig-Value) then follow the normal conventions for determining its encoding: that is call i2d_DSA_SIG(). See the various i2d_XXX manual pages for more info and the FAQ. > This is the part that bothers me. AFAICT the EVP signature API doesn't > abstract the algorithm specific handling of the signature. Is this by > design, an oversight, or am I missing something? > Can you be a bit more specific about what you mean? There are some problems with the EVP signature code in that signatures are linked to digests. As a result you to specify the digest "dss1" for SHA1 with DSA and "sha1" for SHA1 with RSA. This link should be removed at some point so that SHA1 can be used with any signature algorithm that handles it, however its rather hard to change this without making rather large changed to the EVP internals. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
