> -----Original Message-----
> From: Simon Josefsson <[EMAIL PROTECTED]>
> Sent: 19.03.07 10:03:57
> To: Volker Steiß <[EMAIL PROTECTED]>
> CC: [email protected]
> Subject: Re: verify signed data
> Volker Steiß <[EMAIL PROTECTED]> writes:
>
> > Hello everybody,
> >
> > I am on a project using public-private-key methods and just tried using
> > GnuTLS for this.
> > I am stuck at this point and hope someone can help me out:
> > First I created a public private key (it's long ago, so I can't tell you how
> > I did it exactly).
> > I have created a signature with gnutls_x509_privkey_sign_data(PRIV_KEY),
> > converted it to readable text with gnutls_hex_encode() and stored the
> > result (Data + Signature) into a file.
> > Now I want to verify the created data: I read the data and the signature,
> > decode the signature with gnutls_hex_decode() and try to verify it with
> > gnutls_x509_privkey_verify_data(PUB_KEY). But here I get return code 0,
> > which means no success.
> >
> > Verification overview:
> > >>>> - somecode
> > init_gnutls ()
> > ...
> > gnutls_hex_decode (&temp, signature.data, &signature.size)
> > ...
> > gnutls_x509_privkey_init (&key)
> > gnutls_x509_privkey_import (key, &key_datum, GNUTLS_X509_FMT_PEM)
> > result = gnutls_x509_privkey_verify_data (key, flags, &uid, &signature)
> > //result = 0
> > ...
> > <<<< - end of somecode
> >
> >
> > Btw: What I realize at "gnutls_hex_decode (&temp, signature.data,
> > &signature.size)" is that temp.size is 512 bytes and signature.size also is
> > 512. Am I wrong when I say: It should be smaller after decoding?
>
> Did you check errors from all functions? Hex decoding a 512 byte
> string should not give another 512 byte string. Did you allocate a
> signature.data buffer before calling gnutls_hex_decode?
>
> Btw, if you aren't sure that you must use these functions, you
> probably want to use a higher-layer message signature format instead
> of low-level sign/verify primitives. Standard formats for this are
> OpenPGP (try GnuPG) and CMS/SMIME (try gpgsm).
>
> /Simon
>

Thanks for the reply,

I just found out that neither gnutls_hex_decode() nor gnutls_hex_encode() reset the result_size.
My workaround for now is to set the size after encoding or decoding to the correct value.

Cheers
Volker

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
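
The size handling discussed in this thread, as an added example that is not part of the original messages and is not GnuTLS code: a stand-alone hex decoder whose length argument is the buffer capacity on entry and the decoded length on return. `hex_decode_checked`, `decode_sample_signature` and the error codes are hypothetical names, and the 512-character input is constructed.

```c
#include <stddef.h>
#include <string.h>

enum { HEX_OK = 0, HEX_ERR_ODD = -1, HEX_ERR_CHAR = -2, HEX_ERR_SHORT = -3 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* On entry *out_len is the capacity of out; on success it is set to the
   number of decoded bytes. On error *out_len is left untouched, so a caller
   that ignores the return value ends up with a stale size. */
int hex_decode_checked(const char *hex, size_t hex_len,
                       unsigned char *out, size_t *out_len)
{
    size_t need = hex_len / 2;
    if (hex_len % 2 != 0) return HEX_ERR_ODD;
    if (*out_len < need) return HEX_ERR_SHORT;
    for (size_t i = 0; i < need; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return HEX_ERR_CHAR;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    *out_len = need;
    return HEX_OK;
}

/* Constructed sample: a 512-character hex string standing in for a stored
   signature. Returns the decoded length, or a negative error code. */
long decode_sample_signature(size_t capacity)
{
    char hex[512];
    unsigned char sig[256];
    size_t sig_len = capacity;          /* capacity in, decoded length out */
    memset(hex, 'a', sizeof hex);       /* "aaaa..." decodes to 0xaa bytes */
    if (capacity > sizeof sig) return HEX_ERR_SHORT; /* never exceed sig[] */
    int rc = hex_decode_checked(hex, sizeof hex, sig, &sig_len);
    if (rc != HEX_OK) return rc;        /* do not verify with a stale size */
    return (long)sig_len;               /* this length goes to the verifier */
}
```

With a 256-byte buffer the 512 hex characters decode to 256 bytes; with a smaller capacity the call fails and the size is left unchanged, which is why the return code has to be checked before the length is used.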
