thank u. now the runtime error is gone. i shouldn't use "CryptoPP::Integer::SIGNED" (modulus become negative :P) but the result of verification is FALSE...
Actually, i m implement COPP (Certified Output Protection Protocol - http://msdn2.microsoft.com/en-us/library/Aa468617.aspx ) in statement "Verify Signature Procedure" ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ The value of the SignatureValue element is computed over the Data element according to the RSASSA-PSS digital signature scheme defined in PKCS #1 version 2.1 (hereinafter referred to as PKCS). To verify this signature, perform the following steps: Decode the Modulus and Exponent values in the Signature/KeyInfo/ KeyValue/RSAKeyValue element. These values define the RSA public key of the signing certificate. Decode the Signature/SignatureValue element. Compute the RSASSA-PSS-Verify operation, defined in section 8.1.2 of PKCS. For the RSASSA-PSS-Verify operation, use the following inputs: (n,e) is the public key from step 1. M is all of the bytes in the Data element, including the <Data> and </ Data> tags that enclose the element. S is the decoded signature value from step 2. The RSASSA-PSS-Verify operation uses the EMSA-PSS-ENCODE operation, defined in section 9.1.1. of PKCS. For this operation, COPP uses the following options: Hash = SHA-1 hLen = 20 MGF (mask generation function) = MGF1 sLen = 0 The mask generation function MGF1 is defined in Appendix B.2 of PKCS. For this function, COPP uses the following options: Hash = SHA-1 hLen = 20 The output of the RSASSA-PSS-Verify operation indicates whether the signature is valid or invalid. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ So, i do the base64-decoding for Modulus, Exponent and SignatureValue. using ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ void Base64Decode(std::string &in, std::string &out) { CryptoPP::StringSource(in, true, new CryptoPP::Base64Decoder(new CryptoPP::StringSink(out))); } ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ and than , convert Modulus and Exponent form std::string to CryptoPP::Integer ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CryptoPP::Integer nModulus((byte*)strModulus64D.c_str(),strModulus64D.size(),CryptoPP::Integer::UNSIGNED); CryptoPP::Integer nExponent((byte*)strExponent64D.c_str(),strExponent64D.size(),CryptoPP::Integer::UNSIGNED); ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ create a verifier, and verify the msg ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CryptoPP::RSASS<CryptoPP::PSS, CryptoPP::SHA>::Verifier verifier(nModulus, nExponent); bool result = verifier.VerifyMessage((const byte*)strData.c_str(), strData.length(), (const byte*)strSignatureValue64D.c_str(), strSignatureValue64D.length()); ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ then i verify 3 certificate which get from driver, but all the result is FALSE. m i doing anything wrong ??? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [EMAIL PROTECTED] More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
