RE: Difference between RSA_sign and CryptSignHash signature

2009-04-01 Thread Goblin_Queen
I finally managed to get the same result with RSA_sign as with CryptSignHash. The problem was I used the wrong algorithm, nid_SHA1WithRSA instead of nid_SHA1. When I sign an XML using this signature it also validates. Thanks to everyone for explaining everything to me and helping me with the stupid

RE: Difference between RSA_sign and CryptSignHash signature

2009-03-31 Thread Goblin_Queen
OK, I got your point, I'll ask what they meant by the same results then. You're saying that I'm not competent for this task. As I said before, I'm a student, and I'm doing this project to get my master's degree. Everything security related is still very new to me, especially because it's in C++,

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Goblin_Queen
Hello, After lots and lots of testing, trying and debugging I still haven't managed to get the same results from RSA_sign and CryptSignHash. I've discovered a problem with the base64 decoding function I use to decode the hash I want to sign, so now I get a different signature from RSA_sign but

RE: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread David Schwartz
After lots and lots of testing, trying and debugging I still haven't managed to get the same results from RSA_sign and CryptSignHash. I've discovered a problem with the base64 decoding function I use to decode the hash I want to sign, so now I get a different signature from RSA_sign but

RE: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread David Schwartz
After lots and lots of testing, trying and debugging I still haven't managed to get the same results from RSA_sign and CryptSignHash. I've discovered a problem with the base64 decoding function I use to decode the hash I want to sign, so now I get a different signature from RSA_sign but

RE: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Goblin_Queen
This is the code I used to test the signing mechanism: void sign_test (const pkcs11h_certificate_t cert) { string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash value unsigned char* sha1_data2; sha1_data2 = (unsigned char*)malloc(sizeof(char)*4096);

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Dr. Stephen Henson
On Mon, Mar 30, 2009, Goblin_Queen wrote: This is the code I used to test the signing mechanism: void sign_test (const pkcs11h_certificate_t cert) { string hash = "67Vz7or3fAge1eo0ahO/S1YiCmo="; //test base64 encoded hash value unsigned char* sha1_data2;

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Goblin_Queen
Thanks for pointing that out Stephen, as I said before, I'm still learning C++, so that's why I made such a stupid mistake. I suppose the correct size of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20 instead of 4, which sounds more reasonable. The result is still different,

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Victor Duchovni
On Mon, Mar 30, 2009 at 06:57:02AM -0700, Goblin_Queen wrote: Thanks for pointing that out Stephen, as I said before, I'm still learning C++, so that's why I made such a stupid mistake. I suppose the correct size of sha1_data2 is strlen((const char*)sha1_data2), and that gives me 20 instead

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Goblin_Queen
If this is wrong again, could you please tell me what IS the correct way of getting the size of sha1_data2? I don't think I know other options than sizeof or strlen... Victor Duchovni wrote: On Mon, Mar 30, 2009 at 06:57:02AM -0700, Goblin_Queen wrote: Thanks for pointing that out

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Carter Browne
Since it is a fixed size (20 bytes) a define would be appropriate, e.g. #define SHA1_KEY_SIZE 20 Carter Carter Browne CBCS cbro...@cbcs-usa.com 781-721-2890 Goblin_Queen wrote: If this is wrong again, could you please tell me what IS the correct way of getting the size of

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Victor Duchovni
On Mon, Mar 30, 2009 at 10:39:56AM -0400, Carter Browne wrote: Since it is a fixed size (20 bytes) a define would be appropriate, e.g. #define SHA1_KEY_SIZE 20 The EVP message digest interface includes functions to get the digest size for a given digest algorithm. int size

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Dr. Stephen Henson
On Mon, Mar 30, 2009, Goblin_Queen wrote: If this is wrong again, could you please tell me what IS the correct way of getting the size of sha1_data2? I don't think I know other options than sizeof or strlen... Well it should be available when you base64 decode the data. For SHA1 it will

RE: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread David Schwartz
David, When I sign the same hash with the same certificate I should get the same signature. That sounds pretty logical to me. Really? So if you sign the same contract twice, the two signatures will be precisely identical? The company I'm doing this project for also told me that I should

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Victor Duchovni
On Mon, Mar 30, 2009 at 01:57:21PM -0700, David Schwartz wrote: When I sign the same hash with the same certificate I should get the same signature. That sounds pretty logical to me. Really? So if you sign the same contract twice, the two signatures will be precisely identical? Well,

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Michael S. Zick
On Mon March 30 2009, Victor Duchovni wrote: - - - snip - - - Of course to prevent HMAC replay attacks, messages should contain nonces, but with protocols using shared secret HMAC signatures, the nonce is considered to be part of the message rather than the signature algorithm. That usage

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-30 Thread Michael S. Zick
On Mon March 30 2009, Michael S. Zick wrote: Here is the reference I had in mind (third paragraph): http://en.wikipedia.org/wiki/Battle_of_Leyte_Gulf#The_Crisis_.E2.80.93_US_Seventh_Fleet.27s_calls_for_help So much for historical trivia on don't invent your own protocol. Mike On Mon March 30

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-19 Thread Goblin_Queen
Thanks for the examples. I'm gonna test them now! Carter Browne wrote: You need to look at your data to see how the bytes are swapped: 3 common patterns: 1) Even odd bytes are swapped 2) The data was treated as 32 bit, one system is little ended and the other big ended. 3) The

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-18 Thread Dr. Stephen Henson
On Wed, Mar 18, 2009, Goblin_Queen wrote: Hello, I'm writing a program that has to sign a SHA1-hash value. I'm using OpenSSL to do this. My program has to do the same thing as another program which makes use of Microsoft Crypto API. In that program the method CryptSignHash was used in

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-18 Thread Goblin_Queen
Thanks for your reply, I had thought of that too because my search led me to such an answer. How can I convert a char* from big endian to little endian? I googled for conversion examples but I only found conversions for int. I know this is probably a stupid question, but I'm still learning C++.

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-18 Thread Dr. Stephen Henson
On Wed, Mar 18, 2009, Goblin_Queen wrote: Thanks for your reply, I had thought of that too because my search led me to such an answer. How can I convert a char* from big endian to little endian? I googled for conversion examples but I only found conversions for int. I know this is probably

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-18 Thread Goblin_Queen
Yes, I know that, but I don't know how to do that in code. I've found the following post: http://stackoverflow.com/questions/105252/how-do-i-convert-between-big-endian-and-little-endian-values-in-c

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-18 Thread Carter Browne
You need to look at your data to see how the bytes are swapped: 3 common patterns: 1) Even odd bytes are swapped 2) The data was treated as 32 bit, one system is little ended and the other big ended. 3) The entire buffer is reversed. Assume pcBuffer is the char * pointer to your data,

Re: Difference between RSA_sign and CryptSignHash signature

2009-03-18 Thread Dr. Stephen Henson
On Wed, Mar 18, 2009, Carter Browne wrote: You need to look at your data to see how the bytes are swapped: 3 common patterns: 1) Even odd bytes are swapped 2) The data was treated as 32 bit, one system is little ended and the other big ended. 3) The entire buffer is reversed.