Hi there, I'm using crypto++ according to the RSA-PSSR-Filter-Test.zip example from this link and it works: http://marko-editor.com/articles/cryptopp_sign_string/
I'm trying to find something I can use reliably for signing a message with private key and verifying its origin with public key programmatically in a Qt app. I am happy I can actually get the message extracted while verifying the signature: StringSource(signature, true, new SignatureVerificationFilter( verifier, new StringSink(recovered), SignatureVerificationFilter::THROW_EXCEPTION | SignatureVerificationFilter::PUT_MESSAGE) // SignatureVerificationFilter ); // StringSource assert(ui->plainTextEdit->toPlainText().toStdString() == recovered); But SHA1 is unsafe. Then I found this example with Whirlpool. However, it doesn't seem to extract the actual original message, just claims to verify it.Does this code actually verify the message though? The ArraySink usage seems a bit esoteric to me so I can't tell. http://marko-editor.com/articles/cryptopp_sign_string/ bool result = false; Verifier verifier(publicKey); CryptoPP::StringSource ss2(decodedSignature + aMessage, true, new CryptoPP::SignatureVerificationFilter(verifier, new CryptoPP::ArraySink((byte*)&result, sizeof(result)))); return result; I tried to convert the code to be similar to the SHA1 example but this does not extract any message: CryptoPP::StringSource ss2(decodedSignature, true, new CryptoPP::SignatureVerificationFilter(verifier, new StringSink(recovered))); Is it possible to convert this code with Whirlpool to actually extract the message from the signature, or is the actual message not contained in the signature although it appears to be PSSR? I am also wondering about the usage of 'new' allocations here; does this code actually leak memory? My apologies for any erroneous terminology; I am not in the security field. I hope linking to the full examples instead of attaching to them to this message is enough, it seemed extraneous to attach files here that are already publicly available. I already asked this on stackoverflow before, feel free to respond there if you like. https://stackoverflow.com/questions/54033029/using-crypto-to-sign-using-private-key-sha1-vs-whirlpool Kind regards, Olli Savolainen -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.