Hi Eugene, > First way will throw exception if verification failed, second returns > false. I don't believe this is correct. DEFAULT_FLAGS = SIGNATURE_AT_BEGIN | PUT_RESULT, which *does not* include the THROW_EXCEPTION flag. See filters.h around line 400.
Jeff On Fri, Dec 18, 2009 at 11:29 AM, Eugene Zolenko <[email protected]> wrote: > First way will throw exception if verification failed, second returns > false. > > It is possible to suppress exception I think and get an error code > with some combination of filters and flags. Need to use redirector to > pass in verifier filter without giving up ownership and then check > result of verification. > > Anyway, first one also copies message without signature into output > buffer. > > Use first when you get signed message that you need to process with > other filters as well (encryption, encoding, etc). > > Use second if you have the message already at destination buffer and > you need only to verify it. > > On Dec 18, 4:41 am, Charlie <[email protected]> wrote: >> Hi everybody! >> >> I have a question about ECDSA signature. What's the different between >> signing and verifying in this way: >> >> //Signing >> ECDSA<ECP, SHA1>::PrivateKey privateKey; >> privateKey.Load(...); >> >> AutoSeededRandomPool prng; >> string message = "Yoda said, Do or do not. There is no try."; >> string signature; >> >> StringSource( message, true /*pump all*/, >> new SignerFilter( prng, >> ECDSA<ECP,SHA1>::Signer( privateKey ), >> new StringSink( signature ) >> ) // SignerFilter >> ); // StringSource >> >> //Verifying >> ECDSA<ECP, SHA1>::PublicKey publicKey; >> publicKey.Load(...); >> >> // Result of the verification process >> bool result = false; >> >> // Exactly what was signed in the previous step >> string message = ...; >> // Output from the signing operation in the previous step >> string signature = ...; >> >> StringSource( signature+message, true /*pump all*/, >> new SignatureVerificationFilter( >> ECDSA<ECP,SHA1>::Verifier(publicKey), >> new ArraySink( (byte*)&result, sizeof(result) ) >> ) // SignatureVerificationFilter >> ); >> >> // Verification failure? >> if( !result ) {...} >> >> And in this way: >> >> //Signing... >> ECDSA<ECP, SHA1>::PrivateKey privateKey; >> privateKey.Load(...); >> >> // Message >> string message = "Yoda said, Do or Do Not. There is no try."; >> >> // Signer object >> ECDSA<ECP, SHA1>::Signer signer( privateKey ); >> >> // Create signature space >> size_t length = signer.MaxSignatureLength(); >> SecByteBlock signature( length ); >> >> AutoSeededRandomPool rng; >> >> // Sign message >> signer.SignMessage( rng, (const byte*) message.c_str(), >> message.length(), signature ); >> >> //Verifying... >> ECDSA<ECP, SHA1>::PublicKey publicKey; >> publicKey.Load(...); >> >> // Verifier object >> ECDSA<ECP, SHA1>::Verifier verifier( publicKey ); >> >> // Verify >> bool result = verifier.VerifyMessage( (const byte*)message.c_str(), >> message.length(), signature, signature.size() ); >> >> // Result >> if( true == result ) { >> cout << "Signature on message verified" << endl;} else { >> >> cout << "Message verification failed" << endl; >> >> } >> >> Thanks. > -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
