Hi, Objective in one-line: ================= Verify a signature, given an ECDSA public key in X509 format.
Details: ====== I read an X509 cert stored on disk. The following are some of its contents: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) ... ASN1 OID: prime256v1 Signature Algorithm: ecdsa-with-SHA1 ... Now, I get some data that is signed by the private key corresponding to the above public key/cert and I need to verify it. Here're some pieces of my code: ... EVP_PKEY *pub_key = X509_get_pubkey(cert); //this is OK ... EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why does it fail? The following are the errors from the above VerifyFinal: 140310811899840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150: 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306: 140310811899840:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG So, after reading this page ( http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized I need to extract the EC_POINT out of the above public key. But, I'm not sure how to do it. Assuming that that's the right approach, I want to do the following: EC_POINT *pub; if(1 != EC_KEY_set_public_key(key, pub)) handleErrors(); Can you help how I can retrieve the EC_POINT out of the public key? If this is not the correct approach at all, could you point what I need to do? Thanks a lot in advance!