Thanks for pointing that out Stephen, as I said before, I'm still learning C++, so that's why I made such a stupid mistake. I suppose the correct size of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20 instead of 4, which sounds more reasonable.
The result is still different, but I'll check if I can perhaps validate the signed XML document now. The ASN1 Viewer tool I downloaded can now read the generated signature, so it's a start. Dr. Stephen Henson wrote: > > On Mon, Mar 30, 2009, Goblin_Queen wrote: > >> >> This is the code I used to test the signing mechanism: >> >> >> >> void sign_test (const pkcs11h_certificate_t cert) { >> >> string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash >> value >> >> unsigned char* sha1_data2; >> sha1_data2 = (unsigned char*)malloc(sizeof(char)*4096); >> >> base64_decode_block(hash.c_str(),strlen(hash.c_str()),(char*)sha1_data2); >> >> >> CK_RV rv; >> >> unsigned char *blob; >> >> //----------Hoort bij manier 2 en 3 en 4--------------- >> pkcs11h_openssl_session_t session = pkcs11h_openssl_createSession(cert); >> RSA* rsa = pkcs11h_openssl_session_getRSA(session); >> blob=(unsigned char*)malloc(RSA_size(rsa)); >> >> //----------Manier 4--------------- >> unsigned int blobRsaSize; >> int ok = >> RSA_sign(NID_sha1WithRSA,sha1_data2,sizeof(sha1_data2),blob,&blobRsaSize,rsa); >> int verifyOK = >> RSA_verify(NID_sha1WithRSA,sha1_data2,sizeof(sha1_data2),blob,blobRsaSize,rsa); >> > > Well the two calls above are clearly wrong. Instead of passing the length > of > the decoded hash you are passing the size of the *pointer*. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://www.nabble.com/Difference-between-RSA_sign-and-CryptSignHash-signature-tp22575898p22783708.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org