Does anyone else have any speculation on why I'm failing the padding check? I'm definitely using the public exponent and public modulus from the CAVP sample request file. After conversion to BIGNUMs, the bytes in the d, top, and dmax fields of each BIGNUM seem to be correct. I don't see anything else in the EVP_Verify*() APIs that are needed to specify the algorithm to be used -- just set specify the hash algorithm and provide the RSA key (inside an EVP_PKEY). Thanks, Paul ________________________________
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Paul Suhler Sent: Saturday, February 27, 2010 6:17 AM To: openssl-users@openssl.org; openssl-users@openssl.org Subject: RE: Verify with RSA Public Key Fails Hi, Mounir. I misspoke. The value of the public exponent is in fact 3. Any idea what is the purpose of the padding check or why it should fail? Thanks, Paul -----Original Message----- From: owner-openssl-us...@openssl.org on behalf of Mounir IDRASSI Sent: Sat 2/27/2010 4:15 AM To: openssl-users@openssl.org Subject: Re: Verify with RSA Public Key Fails Hi Paul, You say that the exponent is 1024 bit long. This means you are using the private exponent because usually the public exponent is much smaller: typically the public exponent is 3 or 65537. So in order to construct your RSA public key, replace the value of the private exponent you are using by the value of the corresponding public exponent. If my guess is correct, then you should be able to verify the signature correctly. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/27/2010 3:00 AM, Paul Suhler wrote: > > Hi, everyone. > > In Openssl 0.9.8i, I'm trying to take an RSA public exponent and > public modulus, assemble them into an RSA key, and use that to verify > a signature for a message. However, EVP_VerifyFinal() always fails, > apparently because of the wrong use of padding. > > My code: > > RSA * RsaKeyPtr = RSA_new(); > EVP_PKEY * EvpKeyPtr = EVP_PKEY_new(); > > RsaKeyPtr->n = BN_bin2bn(ModulusPtr, ModulusLength, NULL); // > Public modulus n > RsaKeyPtr->e = BN_bin2bn(Exponent, sizeof(Exponent), NULL); // > Public key exponent e > EvpKeyPtr->type = EVP_PKEY_RSA; > if(EVP_PKEY_assign_RSA(EvpKeyPtr, RsaKeyPtr)) > { > EVP_MD_CTX_init(&MDContext); > if(EVP_VerifyInit_ex(&MDContext, EvpMdPtr, NULL)) > { > if(EVP_VerifyUpdate(&MDContext, MessagePtr, MessageLength)) > { > if(EVP_VerifyFinal(&MDContext, SignaturePtr, > SignatureLength, EvpKeyPtr)) > { > ... > > The call stack looks like: > > RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); > ... > RSA_eay_public_decrypt() > RSA_padding_check_PKCS1_type_1() > > and that last function fails. > > Am I assembling the RSA key incorrectly? > > The modulus and exponent are each 1024 bits long and the message and > signature are each 128 bytes long > > Thanks very much, > > Paul > *___________________________________ > Paul A. Suhler* | Firmware Engineer |* Quantum Corporation* |* > Office:* 949.856.7748 | _paul.suh...@quantum.com_ > <mailto:paul.suh...@quantum.com> > > ------------------------------------------------------------------------ > The information contained in this transmission may be confidential. > Any disclosure, copying, or further distribution of confidential > information is not permitted unless such privilege is explicitly > granted in writing by Quantum. Quantum reserves the right to have > electronic communications, including email and attachments, sent > across its networks filtered through anti virus and spam software > programs and retain such messages in order to comply with applicable > data security and retention requirements. Quantum is not responsible > for the proper and complete transmission of the substance of this > communication or for any delay in its receipt. -- -- Mounir IDRASSI IDRIX http://www.idrix.fr ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
