I finally managed to get the same result with RSA_sign as with CryptSignHash.
The problem was I used the wrong algorithm, nid_SHA1WithRSA instead of
nid_SHA1. When I sign an XML using this signature it also validates.
Thanks to everyone for explaining me everything and helping me with the
stupid
OK, I got your point, I'll ask what they meant by "the same results" then.
You're saying that I'm not competent for this task. As I said before, I'm a
student, and I'm doing this project to get my master degree. Everything
security related is still very new to me, especially because it's in C++,
On Mon March 30 2009, Michael S. Zick wrote:
>
Here is the reference I had in mind (third paragraph):
http://en.wikipedia.org/wiki/Battle_of_Leyte_Gulf#The_Crisis_.E2.80.93_US_Seventh_Fleet.27s_calls_for_help
So much for historical trivia on "don't invent your own protocol".
Mike
> On Mon March
On Mon March 30 2009, Victor Duchovni wrote:
>
- - - snip - - -
>
> Of course to prevent HMAC replay attacks, messages should contain nonces,
> but with protocols using shared secret HMAC signatures, the nonce is
> considered to be part of the message rather than the signature algorithm.
>
That
On Mon, Mar 30, 2009 at 01:57:21PM -0700, David Schwartz wrote:
> > When I sign the same hash with the same certificate I should get the same
> > signature. That sounds pretty logical to me.
>
> Really? So if you sign the same contract twice, the two signatures will be
> precisely identical?
Wel
> David,
> When I sign the same hash with the same certificate I should get the same
> signature. That sounds pretty logical to me.
Really? So if you sign the same contract twice, the two signatures will be
precisely identical?
> The company I'm doing this
> project for also told me that I shoul
On Mon, Mar 30, 2009, Goblin_Queen wrote:
>
> If this is wrong again, could you please tell me what IS the correct way of
> getting the size of sha1_data2? I don't think I know other options than
> sizeof or strlen...
>
>
Well it should be available when you base64 decode the data. For SHA1 it
On Mon, Mar 30, 2009 at 10:39:56AM -0400, Carter Browne wrote:
> Since it is a fixed size (20 bytes) a define would be appropriate, e.g.
>
> #define SHA1_KEY_SIZE 20
>
The EVP message digest interface includes functions to get the digest
size for a given digest algorithm.
int si
Since it is a fixed size (20 bytes) a define would be appropriate, e.g.
#define SHA1_KEY_SIZE 20
Carter
Carter Browne
CBCS
cbro...@cbcs-usa.com
781-721-2890
Goblin_Queen wrote:
> If this is wrong again, could you please tell me what IS the correct way of
> getting the size of sha1_data
If this is wrong again, could you please tell me what IS the correct way of
getting the size of sha1_data2? I don't think I know other options than
sizeof or strlen...
Victor Duchovni wrote:
>
> On Mon, Mar 30, 2009 at 06:57:02AM -0700, Goblin_Queen wrote:
>
>>
>> Thanks for pointing that ou
On Mon, Mar 30, 2009 at 06:57:02AM -0700, Goblin_Queen wrote:
>
> Thanks for pointing that out Stephen, as I said before, I'm still learning
> C++, so that's why I made such a stupid mistake. I suppose the correct size
> of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20
> ins
Thanks for pointing that out Stephen, as I said before, I'm still learning
C++, so that's why I made such a stupid mistake. I suppose the correct size
of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20
instead of 4, which sounds more reasonable.
The result is still different,
On Mon, Mar 30, 2009, Goblin_Queen wrote:
>
> This is the code I used to test the signing mechanism:
>
>
>
> void sign_test (const pkcs11h_certificate_t cert) {
>
> string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash
> value
>
> unsigned char* sha1_data2;
>
This is the code I used to test the signing mechanism:
void sign_test (const pkcs11h_certificate_t cert) {
string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash
value
unsigned char* sha1_data2;
sha1_data2 = (unsigned char*)malloc(sizeof(char)*4096);
> After lots and lots of testing, trying and debugging I still
> haven't managed
> to get the same results from RSA_sign and CryptSignHash. I've discovered a
> problem with the base64 decoding function i use to decode the
> hash i want to
> sign, so now i get a different signature from RSA_sign bu
> After lots and lots of testing, trying and debugging I still
> haven't managed
> to get the same results from RSA_sign and CryptSignHash. I've discovered a
> problem with the base64 decoding function i use to decode the
> hash i want to
> sign, so now i get a different signature from RSA_sign bu
Hello,
After lots and lots of testing, trying and debugging I still haven't managed
to get the same results from RSA_sign and CryptSignHash. I've discovered a
problem with the base64 decoding function i use to decode the hash i want to
sign, so now i get a different signature from RSA_sign but it
Thanks for the examples. I'm gonna test them now!
Carter Browne wrote:
>
> You need to look at your data to see how the bytes are swapped:
> 3 common patterns:
>
> 1) Even odd bytes are swapped
> 2) The data was treated as 32 bit, one system is little ended and the
> other big ended.
> 3)
On Wed, Mar 18, 2009, Carter Browne wrote:
> You need to look at your data to see how the bytes are swapped:
> 3 common patterns:
>
> 1) Even odd bytes are swapped
> 2) The data was treated as 32 bit, one system is little ended and the
> other big ended.
> 3) The entire buffer is reversed.
You need to look at your data to see how the bytes are swapped:
3 common patterns:
1) Even odd bytes are swapped
2) The data was treated as 32 bit, one system is little ended and the
other big ended.
3) The entire buffer is reversed.
Assume pcBuffer is the char * pointer to your data, uiLen
Yes, I know that, but I don't know how to do that in code. I've found the
following post:
http://stackoverflow.com/questions/105252/how-do-i-convert-between-big-endian-and-little-endian-values-in-c
http://stackoverflow.com/questions/105252/how-do-i-convert-between-big-endian-and-little-endian-valu
On Wed, Mar 18, 2009, Goblin_Queen wrote:
>
> Thanks for your reply, I had thought of that too because my search lead me to
> such an answer. How can I convert a char* from big endian to little endian?
> I googled for conversion examples but I only found conversions for int. I
> know this is prob
Thanks for your reply, I had thought of that too because my search lead me to
such an answer. How can I convert a char* from big endian to little endian?
I googled for conversion examples but I only found conversions for int. I
know this is probably a stupid question, but I'm still learning C++.
On Wed, Mar 18, 2009, Goblin_Queen wrote:
>
> Hello,
>
> I'm writing a program that has to sign a SHA1-hash value. I'm using OpenSSL
> to do this. My program has to do the same thing as another program which
> makes use of Microsoft Crypto API. In that program the method
> "CryptSignHash" was us
24 matches
Mail list logo