Thanks for pointing that out, Stephen. As I said before, I'm still learning
C++, so that's why I made such a stupid mistake. I suppose the correct size
of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20
instead of 4, which sounds more reasonable.

The result is still different, but I'll check if I can perhaps validate the
signed XML document now. The ASN1 Viewer tool I downloaded can now read the
generated signature, so it's a start.



Dr. Stephen Henson wrote:
> 
> On Mon, Mar 30, 2009, Goblin_Queen wrote:
> 
>> 
>> This is the code I used to test the signing mechanism:
>> 
>> 
>> 
>> void sign_test (const pkcs11h_certificate_t cert) {
>> 
>>      string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash value
>> 
>>      unsigned char* sha1_data2;
>>      sha1_data2 = (unsigned char*)malloc(sizeof(char)*4096);
>> 
>>      base64_decode_block(hash.c_str(),strlen(hash.c_str()),(char*)sha1_data2);
>> 
>> 
>>      CK_RV rv;
>>                                       
>>      unsigned char *blob;
>> 
>>      //----------Belongs to method 2 and 3 and 4---------------
>>      pkcs11h_openssl_session_t session = pkcs11h_openssl_createSession(cert);
>>      RSA* rsa = pkcs11h_openssl_session_getRSA(session);
>>      blob=(unsigned char*)malloc(RSA_size(rsa));
>> 
>>      //----------Method 4---------------
>>      unsigned int blobRsaSize; 
>>      int ok = RSA_sign(NID_sha1WithRSA,sha1_data2,sizeof(sha1_data2),blob,&blobRsaSize,rsa);
>>      int verifyOK = RSA_verify(NID_sha1WithRSA,sha1_data2,sizeof(sha1_data2),blob,blobRsaSize,rsa);
>> 
> 
> Well the two calls above are clearly wrong. Instead of passing the length
> of the decoded hash you are passing the size of the *pointer*.
> 
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Difference-between-RSA_sign-and-CryptSignHash-signature-tp22575898p22783708.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
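
The length problem discussed in this thread, as an added example that is not part of the original messages: it compares `sizeof` on the pointer with the byte count returned by the decoder, and goes one step further by showing what `strlen` reports for a digest that begins with a zero byte. `b64_decode` and `digest_len` are hypothetical helpers standing in for the `base64_decode_block` call in the post, and the second base64 string is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SHA1_LEN 20 /* a SHA-1 digest is always 20 bytes */

/* Value of one base64 character, or -1 if outside the alphabet. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Hypothetical helper: decode base64 into out (capacity cap) and return the
 * byte count, or -1 on a bad character or when out is too small. */
long b64_decode(const char *in, unsigned char *out, size_t cap) {
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        int v = b64_val(*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits < 8) continue;
        if (n == cap) return -1;
        bits -= 8;
        out[n++] = (unsigned char)(acc >> bits);
    }
    return (long)n;
}

/* Length to pass to the signing call: the decoder's count, accepted only
 * when it is a full SHA-1 digest. Returns 0 otherwise. */
size_t digest_len(const char *b64, unsigned char *buf, size_t cap) {
    long n = b64_decode(b64, buf, cap);
    return n == SHA1_LEN ? (size_t)n : 0;
}

int main(void) {
    unsigned char buf[64] = {0}, zero_first[64] = {0};
    unsigned char *p = buf; /* same shape as sha1_data2 in the thread */
    size_t n = digest_len("67Vz7or3fAge1eo0ahO/S1YiCmo=", p, sizeof buf - 1);
    /* Constructed digest 00 01 .. 13: valid, but begins with a zero byte. */
    size_t z = digest_len("AAECAwQFBgcICQoLDA0ODxAREhM=", zero_first, 63);
    printf("sizeof(p)=%zu decoded=%zu zero-first: decoded=%zu strlen=%zu\n",
           sizeof(p), n, z, strlen((const char *)zero_first));
    return 0;
}
```

The decoded count is 20 for both inputs, while `sizeof(p)` is the pointer width of the platform and `strlen` stops at the first zero byte of binary data.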
