Hi, Jeff! Thanks for your answer. This was almost the first thing I did: reversed the byte order, but it doesn't help.
Later I've decided to change cryptoopp to libtomcrypt, and managed to get successfull result on certificate verification. Though I don't know how to test wrong-positive results correctly. So I wonder what may be the problem with Cryptopp? Why it returns false result on verification? Please take a look at the project attached ( http://old.nabble.com/file/p31626550/COPPVerification.tar.gz COPPVerification.tar.gz or here http://www.box.net/shared/n1alcoye69). It doesn't contain cryptopp sources, so please add them once you build it. The "cert_data" folder contains certificate chain. Files data_1.dat, exponent_1.dat, modulus_1.dat, signature_1.dat are the one certificate. All these certificated I receive from MS DirectShow Video Renderer. They are base-64 decoded, except the data_1.dat. libtomcrypt verifyes these certificates successfully, and what's wrong in my use of cryptopp I can't imagine. Regards, Maxwell House Jeffrey Walton-3 wrote: > > > > On May 13, 12:12 am, Maxwell_House <[email protected]> wrote: >> Hello. >> >> I need to verify signature of the certificate I get from Video Mixing >> Renderer (Microsoft Direct Show) through IAMCertifiedOutputProtection >> interface.http://msdn.microsoft.com/en-us/library/aa468617.aspx#validating_the_... >> I call IAMCertifiedOutputProtection::KeyExchange function and get a key >> and >> a certificate. >> >> Every step succedes til I get to RSASSA-PSS verification. I use Crypto++ >> as >> following:http://www.copypastecode.com/70961/?view=lines >> >> And it returns false in cryptopp function >> RecoverMessageFromRepresentative:http://www.copypastecode.com/70957/?view=lines >> Line 29: salt points to padding zero. As the result, byte *M is 19 zero >> bytes before the wanted 0x01 value. >> >> Does someone have an experience in such questions or has any thoughts on >> what may be wrong? Is it a signature or a message, because I cropped the >> message, but still fail on that line. >> > Just a stab in the dark, but I seem to recall that Microsoft likes to > encode its byte arrays using little endian format (for example, > PUBLICKEYBLOB and PRIVATEKEYBLOB). You might try nudging things a bit > with std::reverse (?) before sending into Crypto++. > > Jeff > > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to > [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > > -- View this message in context: http://old.nabble.com/RSASSA-PSS-cetificate-verification-%28COPP%29-tp31608380p31626550.html Sent from the Crypto++ Users mailing list archive at Nabble.com. -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
