Re: Verification fails on signature string

Mon, 21 Jan 2008 13:38:28 -0800 

Hi Colin,

> StringSource SignatureFile(aSignature, true, new HexDecoder);
Was the signature run through a hex encoder?

I would also check the result of Signer::SignMessage() with the length
being passed into the verifier. I use code such as follows:

///////////////////////////////////////
// Signature
RSASS< PKCS1v15, SHA >::Signer signer( keys );
...

// Sign...
size_t length = signer.SignMessage( rng, (const byte*) message.c_str(),
    message.length(), signature );

///////////////////////////////////////
// Verification
RSASS< PKCS1v15, SHA >::Verifier verifier( signer );

bool result = verifier.VerifyMessage( (const byte*)message.c_str(),
    message.length(), signature, length );

Jeff

Sorry about not moving this to DSA for you. The stuff I have hanging
around used RSA.

On 1/21/08, Colin Bell <[EMAIL PROTECTED]> wrote:
>
> I have the following function (see below post) I wrote to verify
> signatures.
>
> The line
>
> StringSource SignatureFile(aSignature, true, new HexDecoder);
>
> fails to verify the signature
>
> but.. if I add the signature instead of passing it, it works!
>
> ie: StringSource
> SignatureFile("64237E8311F63386863CCE2BC6BB69E6216B0D569259AE3A10633FDECEAB445BF77569D2BEF0068B",
> true, new HexDecoder);
>
> Can anyone help?
>
> Many thanks
>
> Colin
>
> bool LicenseManager::validate(License license, string publicKey,
> string aSignature){
>        StringSource pubFile(publicKey, true, new HexDecoder);
>        StringSource SignatureFile(aSignature, true, new HexDecoder);
>
>        // Verifier Object
>        DSA::Verifier pub(pubFile);
>
>        if (SignatureFile.MaxRetrievable() != pub.SignatureLength()){
>                cerr << "Problem with the signature\n";
>        return false;
>        }
>
>        SecByteBlock signature(pub.SignatureLength());
>        SignatureFile.Get(signature, signature.size());
>
>        // Setup
>        VerifierFilter *verifierFilter = new VerifierFilter(pub);
>        verifierFilter->Put(signature, pub.SignatureLength());
>
>        // Invoke Verifier
>        string message = license.getFingerprint();
>        cout << "Fingerprint to verify is: \""<< message << "\"\n";
>        StringSource(message, true, verifierFilter);
>
>        if(verifierFilter->GetLastResult()){
>                return true;
>        }
>        else{
>                return false;
>        }
> }
>
[ SNIP ]

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to [EMAIL PROTECTED]
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---

Reply via email to