On Feb 8, 9:15 pm, "Robert F." <[email protected]> wrote:
> Have an update, maybe a little easier of a problem to answer now.
>
> The PHP code was not set to the PKCS mode, I have fixed that, I have also
> updated my crypto++ code a little more, and am now getting a new and more,
> questionable error.
>
> VerifierFilter: digital signature not valid
>
> here is my code:
>
> bool xxz568::caVerify(std::string message, std::string signature) {
>
> const char * CA_PUBLIC_KEY =
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YP/EBPTQUjsav6Uinz1GZgudRFm6yCzTNM4C6IxMPfOLU4yRzTRKXhJREsc+IcFr09J121Qbe6RttZT8DgEDFf8xRjjWQWndEDkoA5mfF7W3rMhY8erGai2StbS1gONLAnd8xHuHioHoWIrsHwhm8oDw1TQ8rwd7xu/wteOfowIDAQAB";
>
> std::string dec, fin;
> Base64Decode(CA_PUBLIC_KEY, dec);
> HexEncode(dec, fin);
Why is the Base64 key being Hex encoded? You might try dunping the
keys after this operation. See http://www.cryptopp.com/wiki/Keys_and_Formats.
>
> Integer rsaPub(fin.c_str()), rsaexp("65537");
>
> InvertibleRSAFunction certAuth;
> certAuth.SetModulus(rsaPub);
> certAuth.SetPublicExponent(rsaexp);
>
> RSA::PublicKey publicKey(certAuth);
> std::string holder;
>
> try {
> RSASSA_PKCS1v15_SHA_Verifier verifier(publicKey);
> verifier.AccessKey().Initialize(rsaPub, rsaexp);
>
> HexDecode(signature, holder);
>
> StringSource(holder, true,
> new SignatureVerificationFilter(
> verifier, NULL,
> SignatureVerificationFilter::THROW_EXCEPTION
> ) // SignatureVerificationFilter
> ); // StringSource
> }
> catch(CryptoPP::Exception e) {
> cout << e.GetWhat() << endl;
> cout << e.GetErrorType() << endl;
> return false;
> }
>
> return true;
>
> }
>
> here is the updated php code and outputted hex result:
>
> include("../php/Crypt/RSA.php");
>
> $rsa = new Crypt_RSA();
> //extract($rsa->createKey(512));
>
> $plaintext = "terrafrost";
> $rsa->loadKey(CA_private());
>
> $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
> $signature = $rsa->sign($plaintext);
>
> echo "S: ".$signature."<p>";
> echo "H: ".bin2hex($signature)."<p>";
>
> $rsa->loadKey(CA_public());
> echo $rsa->verify($plaintext, $signature) ? 'verified<p>' : 'unverified<p>';
>
> and gives me this:
>
> 34fecdcf4b989f26341856d658cfedf5cb1bb7743834c587b064818b1fcd8de538e58a734c6e895ed44d967c3767fa65033c30992d4770c273895de38e375b27033c36b903b358a827d77424845704ec7fa33775b5d1f24704a8f9646e2f4a9668a10e18c71539c7c0450dc8bf4f82ead4c67879e0e4739e819a11091afac2ee
> --
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
