On 10 June 2014 15:24, Anant Rao <a...@noknok.com> wrote:
> Hi,
>
> Objective in one-line:
> =================
> Verify a signature, given an ECDSA public key in X509 format.
>
>
> Details:
> ======
> I read an X509 cert stored on disk. The following are some of its contents:
>
> Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>
> ...
> ASN1 OID: prime256v1
> Signature Algorithm: ecdsa-with-SHA1
> ...
>
>
> Now, I get some data that is signed by the private key corresponding to the
> above public key/cert and I need to verify it.
>
> Here're some pieces of my code:
>
> ...
> EVP_PKEY *pub_key = X509_get_pubkey(cert);  //this is OK
> ...
> EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why does it fail?
>
> The following are the errors from the above VerifyFinal:
>
> 140310811899840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
> 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
> 140310811899840:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG
>

Looks to me like the signature you are passing it is in the wrong
format. Where did you get it from?


>
> So, after reading this page
> (http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I realized
> I need to extract the EC_POINT out of the above public key.

No. There is no need to do this. You only need to worry about the low
level EC stuff if you are not using the EVP interface - which you are.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
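
The `Type=ECDSA_SIG` in the error output above shows `EVP_VerifyFinal` trying to parse the signature as a DER-encoded `ECDSA_SIG`, a SEQUENCE of two INTEGERs. The following is an added example, not code from this thread or from OpenSSL: plain C with no OpenSSL calls that checks a buffer for that shape and, assuming the signer produced fixed-width raw r||s (one common alternative format, not confirmed in the thread), re-encodes it as DER. All function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* 1 if b is exactly SEQUENCE { INTEGER r, INTEGER s } (short-form lengths). */
int is_der_ecdsa_sig(const unsigned char *b, size_t n)
{
    size_t i = 2;
    if (n < 8 || b[0] != 0x30 || b[1] >= 0x80 || (size_t)b[1] != n - 2)
        return 0;
    for (int k = 0; k < 2; k++) {                 /* r, then s */
        if (i + 2 > n || b[i] != 0x02 || b[i + 1] == 0 || b[i + 1] >= 0x80)
            return 0;
        size_t len = b[i + 1];
        if (i + 2 + len > n || (b[i + 2] & 0x80)) /* overrun or negative */
            return 0;
        i += 2 + len;
    }
    return i == n;
}

/* Write one big-endian unsigned value as a DER INTEGER; returns bytes written. */
static size_t put_int(const unsigned char *v, size_t len, unsigned char *out)
{
    while (len > 1 && v[0] == 0) { v++; len--; }  /* strip leading zeros */
    size_t pad = (v[0] & 0x80) ? 1 : 0;           /* 0x00 keeps it positive */
    out[0] = 0x02; out[1] = (unsigned char)(len + pad);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, len);
    return 2 + pad + len;
}

/* Raw r||s (equal halves, up to P-384) to DER. out needs raw_len + 8 bytes.
 * Returns the DER length, or 0 if raw_len is zero, odd, or above 96. */
size_t raw_to_der(const unsigned char *raw, size_t raw_len, unsigned char *out)
{
    if (raw_len == 0 || raw_len % 2 || raw_len > 96) return 0;
    size_t half = raw_len / 2, n = 2;
    n += put_int(raw, half, out + n);
    n += put_int(raw + half, half, out + n);
    out[0] = 0x30; out[1] = (unsigned char)(n - 2);
    return n;
}

int main(void)
{
    unsigned char raw[64], der[72];               /* constructed sample bytes */
    memset(raw, 0x11, sizeof raw); raw[0] = 0x80;
    size_t n = raw_to_der(raw, sizeof raw, der);
    printf("raw is DER: %d, converted len %zu, is DER: %d\n",
           is_der_ecdsa_sig(raw, sizeof raw), n, is_der_ecdsa_sig(der, n));
    return 0;
}
```

The structural check only confirms the encoding; whether the signature is valid is still decided by `EVP_VerifyFinal` against the public key.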
