Hi OCF-people!
I read the API-documentation of the Signature Card Service. I got a little
confused about the documentation of the *Verfify* functions? For eaxmple the
API says:
----------------------------------------------------------------------------
----------------------
verifySignedData
public boolean verifySignedData(PublicKeyRef publicKey,
java.lang.String signAlgorithm,
byte[] data,
byte[] signature)
throws opencard.core.service.CardServiceException,
java.security.InvalidKeyException,
opencard.core.terminal.CardTerminalException
Verify a digital Signature including hashing. First hash the data, then
pad the hash, apply the PKA algorithm to the
padded hash, then compare the result to the provided signature.
----------------------------------------------------------------------------
-----------------------
In my understandig when you verify signature, you first hash the data and
THEN YOU APPLY THE PKA ALGORITHM (USING SIGNER'S PUBLIC KEY) TO THE
SIGNATURE (DECRYPT) AND THEN COMPARE THE RESULT TO THE HASH VALUE YOU
CALCULATED EARLIER FROM THE DATA.
So, I think that the explanation of all *Verify* functions are incorrect.
Or, miss I something?
Regards,
MaSi
----------------------------------------------------------------------------
---------
Markku Siev�nen Tel: +358 9 8941 4253
Setec Oy Fax: +358 9 878 6133
P. O. Box 31 E-mail: [EMAIL PROTECTED]
FIN-01741 Vantaa
Finland
Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
access to documentation, code, presentations, and OCF announcements.
-----------------------------------------------------------------------------
To unsubscribe from the OCF Mailing list, send a mail to
"[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
message.
