Re: java/openssl

Tue, 01 Apr 2003 14:03:03 -0800 

MD5withRSA on the java side to generate the sig which verifies correctly with Java 
code. On the C side:

 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/bio.h>
 #include <openssl/x509.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>

int main ()
{
  int i,err;

  char data[1024]     = "abcdefg";
  EVP_MD_CTX     md_ctx;
  EVP_MD_CTX     mdctx;
  EVP_PKEY *     pkey;
  X509_PUBKEY *  pX509;
  FILE *          fp;
  X509 *        x509;
  unsigned char *der;
unsigned char my_public_key[162]={
// the key goes here, obtained via: openssl x509 -in xyz.cert -inform PEM -C
};
  int sigLen,dataLen;
  BIO *sigFile,*filter,*dataFile;
  unsigned char binSig[1024];

  ERR_load_crypto_strings();
 
  pX509 = X509_PUBKEY_new();
  der = &my_public_key[0];
  if (pX509 == NULL) {
       ERR_print_errors_fp (stderr);
       exit (1);
  }
  d2i_X509_PUBKEY(&pX509, &der, sizeof(my_public_key));

  /* second step, make it into an envelope key */
  pkey = X509_PUBKEY_get(pX509);
  X509_PUBKEY_free(pX509);

  if (pkey == NULL) {
       ERR_print_errors_fp (stderr);
       exit (1);
  }
/*
  dataFile=BIO_new(BIO_s_file());
  BIO_read_filename(dataFile,"data.txt");
  dataLen = BIO_read(dataFile, data, sizeof(data));
  BIO_free(dataFile);
*/
  dataLen = strlen(data);
/* read in the signature, decoding it from base64 */
  sigFile=BIO_new(BIO_s_file());
  BIO_read_filename(sigFile,"/local1/signer/sig.dat");
/*
  filter = BIO_new(BIO_f_base64());
  sigFile = BIO_push(filter, sigFile);
*/
  binSig[0] = '\0';
  sigLen = BIO_read(sigFile, binSig, sizeof(binSig));
  printf("sigLen: %d\n",sigLen);
  sigLen = BIO_read(sigFile, binSig, sizeof(binSig));
  printf("sigLen: %d\n",sigLen);
  BIO_free_all(sigFile);

  printf("data: %s\n",data);
  printf("length: %d\n",strlen((char *)data));

  for (i=0; i<strlen(binSig); i++) { printf("%x,", binSig[i]); }

  EVP_VerifyInit   (&md_ctx, EVP_md5());
  EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
  err = EVP_VerifyFinal (&md_ctx, binSig, sigLen, pkey);
  EVP_PKEY_free (pkey);

  if (err != 1) {
        ERR_print_errors_fp (stderr);
        exit (1);
  }
  printf ("Signature Verified Ok.\n");
  return(0);
}
When ran:

% ./sign

sigLen: 128
data: abcdefg
length: 7
1964:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:216:
55,48,88,c3,e,45,f0,9c,e9,2b,7f,6f,46,b4,73,49,a,51,49,e6,44,54,d1,52,22,2,8,d6,ec,68,a2,66,43,ba,a4,f2,47,76,d5,27,36,d3,38,69,64,12,f,b1,3a,b4,a2,28,75,ba,dd,a4,16,93,6a,98,bc,1d,5f,12,90,5a,d0,4,61,89,ca,18,84,8b,e0,80,cc,1f,64,91,9f,74,e9,43,59,53,27,d8,7d,54,19,f8,44,9d,d2,30,6d,fa,18,ec,62,f7,3f,11,e4,4,24,94,18,94,a9,af,3f,77,d,21,55,bf,6d,54,68,c4,13,fa,17,b2,f4,2a,74,

Your help is most appreciated. I have been working on this far longer
than what it should take.

In message <[EMAIL PROTECTED]>, Michel
le Li writes:
>Um...are you using the exact same algorithm on both side? What about 
>padding schemes? Can you give more details?
>I think as long as the algorithm is totally the same, it shouldn't matter 
>if it is Java generated or openssl generated.
>
>Michelle
>
>
>
>On Tue, 1 Apr 2003, Sly Upah wrote:
>
>> Can anyone point me to source or give me instructions on how I 
>> can verify a Java generated signature? I can create a signature
>> and verify it using pure openssl calls but anything coming from
>> the Java side looks like the bytes are all screwed up. Do I have
>> to do something special to massage the bits?
>> Thanks,
>> Sly
>> 
>> 
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    [EMAIL PROTECTED]
>> Automated List Manager                           [EMAIL PROTECTED]
>> 
>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to