Oops, the first link was supposed to be this, like it is on stack overflow. https://www.cryptopp.com/wiki/Digital_signature
On Saturday, January 12, 2019 at 1:16:27 PM UTC+2, Olli Savolainen wrote: > > Hi there, > > I'm using crypto++ according to the RSA-PSSR-Filter-Test.zip example from > this link and it works: > http://marko-editor.com/articles/cryptopp_sign_string/ > > I'm trying to find something I can use reliably for signing a message with > private key and verifying its origin with public key programmatically in a > Qt app. > > I am happy I can actually get the message extracted while verifying the > signature: > > StringSource(signature, true, > new SignatureVerificationFilter( > verifier, > new StringSink(recovered), > SignatureVerificationFilter::THROW_EXCEPTION | > SignatureVerificationFilter::PUT_MESSAGE) // SignatureVerificationFilter > ); // StringSource > > assert(ui->plainTextEdit->toPlainText().toStdString() == recovered); > > But SHA1 is unsafe. > > Then I found this example with Whirlpool. However, it doesn't seem to > extract the actual original message, just claims to verify it.Does this > code actually verify the message though? The ArraySink usage seems a bit > esoteric to me so I can't tell. > http://marko-editor.com/articles/cryptopp_sign_string/ > > bool result = false; > Verifier verifier(publicKey); > CryptoPP::StringSource ss2(decodedSignature + aMessage, true, > new > CryptoPP::SignatureVerificationFilter(verifier, > new CryptoPP::ArraySink((byte*)&result, > sizeof(result)))); > > return result; > > I tried to convert the code to be similar to the SHA1 example but this > does not extract any message: > > CryptoPP::StringSource ss2(decodedSignature, true, > new CryptoPP::SignatureVerificationFilter(verifier, > new StringSink(recovered))); > > Is it possible to convert this code with Whirlpool to actually extract the > message from the signature, or is the actual message not contained in the > signature although it appears to be PSSR? > > I am also wondering about the usage of 'new' allocations here; does this > code actually leak memory? > > My apologies for any erroneous terminology; I am not in the security field. > I hope linking to the full examples instead of attaching to them to this > message is enough, it seemed extraneous to attach files here that are > already publicly available. I already asked this on stackoverflow before, > feel free to respond there if you like. > > https://stackoverflow.com/questions/54033029/using-crypto-to-sign-using-private-key-sha1-vs-whirlpool > > Kind regards, > Olli Savolainen > > > -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
