Dr. Stephen Henson
Sat, 06 Feb 2010 11:51:09 -0800
On Sat, Feb 06, 2010, Jim Welch wrote:
> Hello,
>
> We started working on a project several months ago that has a need for
> signature verification of an xml file. We had completed our tests and
> everything was working. The provider of the file then sent us a new Public
> Key and said that it is what we will get for the live data. The file will
> not read into our programs (one in C++ and one in Java).
>
> The C code that was working is as follows:
>
> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
> fclose (fp);
>
> if (pkey == NULL)
> {
>     /* error stuff */
> }
>
> sigDatEnc = g_base64_decode( (gchar *) sigDat, &sigDatLen);
> EVP_VerifyInit(&md_ctx, EVP_sha512());
> EVP_VerifyUpdate(&md_ctx, xmlDat, strlen((char *) xmlDat));
> err = EVP_VerifyFinal (&md_ctx, sigDatEnc, sigDatLen, pkey);
> free(sigDatEnc);
> EVP_PKEY_free (pkey);
>
> It fails on the PEM_read_PUBKEY by returning a NULL when it tries to read in
> the file. The only help we can get from the provider is the following code
> (Perl) which works for them:
>
The FAQ tells you how to get more information however...

> -----BEGIN RSA PUBLIC KEY-----
> [base64 key data omitted]
> -----END RSA PUBLIC KEY-----

That is an RSAPublicKey structure for which you call PEM_read_RSAPublicKey().
That returns an RSA structure which you need to convert to an EVP_PKEY structure
using EVP_PKEY_new() and EVP_PKEY_assign_RSA().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
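Added example, not part of the original thread and not the route Steve describes: a "RSA PUBLIC KEY" PEM block holds a bare PKCS#1 RSAPublicKey, while PEM_read_PUBKEY() expects a "PUBLIC KEY" block (SubjectPublicKeyInfo). This Python sketch shows the structural difference by re-wrapping the former into the latter; the function names and the sample key are constructed for illustration.

```python
import base64
import re

# DER AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    """Build one DER tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content

def pem_decode(pem):
    """Return (label, DER bytes) of the first PEM block in the text."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def pem_encode(label, der):
    """Wrap DER bytes in PEM armour with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

def to_spki_pem(pem):
    """Convert 'RSA PUBLIC KEY' (PKCS#1) to 'PUBLIC KEY' (SubjectPublicKeyInfo)."""
    label, der = pem_decode(pem)
    if label == "PUBLIC KEY":          # already the form PEM_read_PUBKEY() reads
        return pem_encode(label, der)
    if label != "RSA PUBLIC KEY":
        raise ValueError("unsupported PEM label: " + label)
    if der[:1] != b"\x30":
        raise ValueError("RSAPublicKey must be a DER SEQUENCE")
    # SPKI = SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }
    bit_string = der_tlv(0x03, b"\x00" + der)   # leading 0x00 = no unused bits
    return pem_encode("PUBLIC KEY", der_tlv(0x30, RSA_ALG_ID + bit_string))

# Constructed sample (not a real key): SEQUENCE { INTEGER n, INTEGER 65537 }
SAMPLE_N = b"\x00" + b"\xc3" * 127 + b"\xc5"
SAMPLE_DER = der_tlv(0x30, der_tlv(0x02, SAMPLE_N) + der_tlv(0x02, b"\x01\x00\x01"))
SAMPLE_PEM = pem_encode("RSA PUBLIC KEY", SAMPLE_DER)
```
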