On Saturday, January 12, 2019 at 6:16:27 AM UTC-5, Olli Savolainen wrote:
>
> I'm using crypto++ according to the RSA-PSSR-Filter-Test.zip example from
> this link and it works:
> http://marko-editor.com/articles/cryptopp_sign_string/
>
> I'm trying to find something I can use reliably for signing a message with
> private key and verifying its origin with public key programmatically in a
> Qt app.
>

Also, the library now offers ed25519, which is from Bernstein (and friends). It is the fastest signature scheme available. However, it is not a good choice if you have large messages. I'm guessing this does not apply to you since you are using a PSSR scheme. Here, "large" means big files like ISOs. You will be fine with 32-byte, 4K or 64K messages.

Bernstein's signature scheme is a "signature scheme with appendix", meaning you present the message and signature to the verifier. In contrast, you are using a "probabilistic signature scheme with recovery", where the message is interleaved with the signature using a mask function. The recovery only needs the signature because it includes the message.

You can use ed25519 just like you use other schemes in a pipeline. We don't have a dedicated wiki page for it yet. I'll put that on my TODO list. However, there is an example in the test suite at ValidateEd25519() (https://github.com/weidai11/cryptopp/blob/master/validat9.cpp#L675) and TestEd25519() (https://github.com/weidai11/cryptopp/blob/master/validat7.cpp#L435). Scroll down to where the RFC 8032 test vector is validated:

    // RFC 8032 test vector
    // (excerpt: 'pass' is the result flag of the enclosing test function)
    try
    {
        // RFC 8032 Ed25519 test vector 3, p. 23
        byte sk[] = {
            0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
            0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
        };
        byte pk[] = {
            0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
            0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
        };
        const byte exp[] = {
            0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
            0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
            0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
            0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
        };
        const byte msg[2] = {0xaf, 0x82};
        byte sig[64];

        // Test the filter framework
        ed25519Signer signer(pk, sk);
        StringSource(msg, sizeof(msg), true, new SignerFilter(NullRNG(), signer, new ArraySink(sig, sizeof(sig))));

        // VerifyBufsEqual returns true when the buffers match, so fail on a mismatch
        if (!VerifyBufsEqual(exp, sig, 64))
            throw Exception(Exception::OTHER_ERROR, "TestEd25519: SignerFilter");

        ed25519Verifier verifier(pk);
        int flags = SignatureVerificationFilter::THROW_EXCEPTION | SignatureVerificationFilter::SIGNATURE_AT_END;
        std::string msg_sig = std::string((char*)msg, sizeof(msg)) + std::string((char*)sig, sizeof(sig));
        StringSource(msg_sig, true, new SignatureVerificationFilter(verifier, NULLPTR, flags));

        // No throw is success
    }
    catch(const Exception&)
    {
        pass = false;
    }

Jeff
