On Saturday, January 12, 2019 at 6:16:27 AM UTC-5, Olli Savolainen wrote: > > Hi there, > > I'm using crypto++ according to the RSA-PSSR-Filter-Test.zip example from > this link and it works: > http://marko-editor.com/articles/cryptopp_sign_string/ > > I'm trying to find something I can use reliably for signing a message with > private key and verifying its origin with public key programmatically in a > Qt app. > > I am happy I can actually get the message extracted while verifying the > signature: > > StringSource(signature, true, > new SignatureVerificationFilter( > verifier, > new StringSink(recovered), > SignatureVerificationFilter::THROW_EXCEPTION | > SignatureVerificationFilter::PUT_MESSAGE) // SignatureVerificationFilter > ); // StringSource > > assert(ui->plainTextEdit->toPlainText().toStdString() == recovered); > > But SHA1 is unsafe. > > Then I found this example with Whirlpool. However, it doesn't seem to > extract the actual original message, just claims to verify it.Does this > code actually verify the message though? The ArraySink usage seems a bit > esoteric to me so I can't tell. >
The message is verified if an exception is _not_ thrown because of THROW_EXCEPTION. http://marko-editor.com/articles/cryptopp_sign_string/ > > bool result = false; > Verifier verifier(publicKey); > CryptoPP::StringSource ss2(decodedSignature + aMessage, true, > new > CryptoPP::SignatureVerificationFilter(verifier, > new CryptoPP::ArraySink((byte*)&result, > sizeof(result)))); > > return result; > > I tried to convert the code to be similar to the SHA1 example but this > does not extract any message: > > CryptoPP::StringSource ss2(decodedSignature, true, > new CryptoPP::SignatureVerificationFilter(verifier, > new StringSink(recovered))); > > Is it possible to convert this code with Whirlpool to actually extract the > message from the signature, or is the actual message not contained in the > signature although it appears to be PSSR? > We need to see the code that include how the signer and verifier were created, and not just the pipeline. I am also wondering about the usage of 'new' allocations here; does this > code actually leak memory? > No, it does not leak memory. See https://www.cryptopp.com/wiki/Pipelining#Ownership. Jeff -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
