Hi there,
I'm using crypto++ according to the RSA-PSSR-Filter-Test.zip example from
this link and it works:
http://marko-editor.com/articles/cryptopp_sign_string/
I'm trying to find something I can use reliably for signing a message with
private key and verifying its origin with public key programmatically in a
Qt app.
I am happy I can actually get the message extracted while verifying the
signature:
StringSource(signature, true,
new SignatureVerificationFilter(
verifier,
new StringSink(recovered),
SignatureVerificationFilter::THROW_EXCEPTION |
SignatureVerificationFilter::PUT_MESSAGE) // SignatureVerificationFilter
); // StringSource
assert(ui->plainTextEdit->toPlainText().toStdString() == recovered);
But SHA1 is unsafe.
Then I found this example with Whirlpool. However, it doesn't seem to
extract the actual original message, just claims to verify it.Does this
code actually verify the message though? The ArraySink usage seems a bit
esoteric to me so I can't tell.
http://marko-editor.com/articles/cryptopp_sign_string/
bool result = false;
Verifier verifier(publicKey);
CryptoPP::StringSource ss2(decodedSignature + aMessage, true,
new CryptoPP::SignatureVerificationFilter(verifier,
new CryptoPP::ArraySink((byte*)&result,
sizeof(result))));
return result;
I tried to convert the code to be similar to the SHA1 example but this does
not extract any message:
CryptoPP::StringSource ss2(decodedSignature, true,
new CryptoPP::SignatureVerificationFilter(verifier,
new StringSink(recovered)));
Is it possible to convert this code with Whirlpool to actually extract the
message from the signature, or is the actual message not contained in the
signature although it appears to be PSSR?
I am also wondering about the usage of 'new' allocations here; does this
code actually leak memory?
My apologies for any erroneous terminology; I am not in the security field.
I hope linking to the full examples instead of attaching to them to this
message is enough, it seemed extraneous to attach files here that are
already publicly available. I already asked this on stackoverflow before,
feel free to respond there if you like.
https://stackoverflow.com/questions/54033029/using-crypto-to-sign-using-private-key-sha1-vs-whirlpool
Kind regards,
Olli Savolainen
--
You received this message because you are subscribed to "Crypto++ Users". More
information about Crypto++ and this group is available at
http://www.cryptopp.com and
http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cryptopp-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
