Hello, > I am now consistently getting an error "0306E06C:bignum routines:BN_mod_inverse:no > inverse" when calling RSA_verify. > > I am still taking the following steps: > > 1) Extracting the 'SignedInfo' node and creating a 20 byte SHA1 hash of the value of it > and its contents. I am confident this is working correctly because I use the same code > for calculating and comparing the DigestValues which is working fine. > 2) Extracting the 'Modulus' and 'Exponent' values and then Base64 decoding both. This > creates a 128 byte modulus and 3 byte exponent. I am also confident this is working > correctly because I am using the Base64 decoding/encoding code elsewhere without problems. > 3) Extracting the 'SignatureValue' value and Base64 decoding it which creates a 128 bytesignature. > 4) Converting (using BN_bin2bn) the Base64 decoded modulus and exponent values and > assigning them to a RSA structure (n and e) with a size of 128 and 3 bytes respectively > i.e rsa_struct_ptr->n = BN_bin2bn(modulus, 128, NULL); rsa_struct_ptr->e = BN_bin2bn > (exponent, 3, NULL); I am calling RSA_new() before I do this. > 5) Calling RSA_Verify with 'NID_sha1', the 20 byte hash (from 1) above) , the 128 byte > signature value (from 3) above) , a signature size of 128, and the previously populated > RSA structure (from 4) above). . > I have looked at the Modulus, Exponent, P, Q, DP, DQ, InverseQ and D values that are > created on the server before the signature is sent to the client. The Modulus and > Exponent values match those that are received on the client. > Is there some step I am doing incorrectly or something I am still missing? Modular inverse is calculated with private keys and with RSA blinding when CRT is used and in modular exponentation. Only third case apply here. My proposition is to test this with steps. First of all you should check if your public key decrypts correctly signature and this signature looks good. You should use RSA_public_decrypt() function and check output. I've attached simple test program which may be adapted for this purpose. As result you should get padded ASN1 structure.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]>
rsa_test13.c
Description: Binary data