Hi!

Yes, I know that, but in my example below my decrypt function also removes
the padding.
But my key point was that in the OCF API documentation in the *Verify*
functions the signature is the input parameter to the PKA algorithm, not the
hash value!

MaSi

-----Original Message-----
From: J. Orlin Grabbe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 09, 1999 9:30 PM
To: Sievänen Markku
Cc: 'opencard'
Subject: Re: [OCF] Signature Card Service


Sievänen Markku wrote:
> 
(relevant excerpt, full letter below):
> In my understanding when you verify signature, you first hash the data and
> THEN YOU APPLY THE PKA ALGORITHM (USING SIGNER'S PUBLIC KEY) TO THE
> SIGNATURE (DECRYPT) AND THEN COMPARE THE RESULT TO THE HASH VALUE YOU
> CALCULATED EARLIER FROM THE DATA.

No.  After doing the hash (the message digest), the hash value, which
is typically 128 or 160 bits long, is padded to bring it up to the
length of the key modulus (typically 1024 bits).  

For a detailed example of the padding, with numbers, see my 
article "Digital Signatures Illustrated" at

http://www.aci.net/kalliste/digsig.htm

Orlin Grabbe
http://www.aci.net/kalliste/homepage.html

--------------

> Hi OCF-people!
> 
> I read the API-documentation of the Signature Card Service. I got a little
> confused about the documentation of the *Verify* functions. For example, the
> API says:
> 
> ----------------------------------------------------------------------------
> verifySignedData
> 
> public boolean verifySignedData(PublicKeyRef publicKey,
>                                 java.lang.String signAlgorithm,
>                                 byte[] data,
>                                 byte[] signature)
>                          throws opencard.core.service.CardServiceException,
>                                 java.security.InvalidKeyException,
>                                 opencard.core.terminal.CardTerminalException
> 
>     Verify a digital Signature including hashing. First hash the data, then
>     pad the hash, apply the PKA algorithm to the padded hash, then compare
>     the result to the provided signature.
> ----------------------------------------------------------------------------
> 
> In my understanding when you verify signature, you first hash the data and
> THEN YOU APPLY THE PKA ALGORITHM (USING SIGNER'S PUBLIC KEY) TO THE
> SIGNATURE (DECRYPT) AND THEN COMPARE THE RESULT TO THE HASH VALUE YOU
> CALCULATED EARLIER FROM THE DATA.
> 
> So, I think that the explanations of all *Verify* functions are incorrect.
> 
> Or am I missing something?
> 
> Regards,
> 
> MaSi
> 
> ----------------------------------------------------------------------------
> Markku Sievänen      Tel: +358 9 8941 4253
> Setec Oy                      Fax: +358 9 878 6133
> P. O. Box 31                 E-mail: [EMAIL PROTECTED]
> FIN-01741 Vantaa
> Finland
> 
> Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
> access to documentation, code, presentations, and OCF announcements.
> ----------------------------------------------------------------------------
> To unsubscribe from the OCF Mailing list, send a mail to
> "[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
> message.
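The verification flow debated in this thread, as an added example that is not part of the original messages and is not OCF code: the verifier applies the public-key operation to the signature and then either compares the result with its own padded hash, or strips the padding and compares the bare hash. Assumptions: RSA as the PKA algorithm, SHA-1 with PKCS#1 v1.5 block type 1 padding, a toy key built from two Mersenne primes (constructed and insecure), and hypothetical function names.

```python
import hashlib

# Toy RSA key from two Mersenne primes: constructed for this example, insecure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (signer only)
K = (N.bit_length() + 7) // 8       # modulus length in bytes
# DER DigestInfo prefix for SHA-1, as used by PKCS#1 v1.5 signatures.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def padded_hash(data):
    """Hash the data, then pad the hash to modulus length (block type 1)."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(data):
    """Signer: private-key operation on the padded hash."""
    return pow(int.from_bytes(padded_hash(data), "big"), D, N).to_bytes(K, "big")

def public_op(signature):
    """Verifier: public-key operation on the signature; None if out of range."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return None
    return pow(s, E, N).to_bytes(K, "big")

def verify_compare_padded(data, signature):
    """Compare the recovered block with the verifier's own padded hash."""
    return public_op(signature) == padded_hash(data)

def verify_strip_padding(data, signature):
    """Strip the padding from the recovered block, then compare the hash."""
    block = public_op(signature)
    if block is None or block[:2] != b"\x00\x01":
        return False
    fill, sep, t = block[2:].partition(b"\x00")
    if len(fill) < 8 or set(fill) != {0xFF} or sep != b"\x00":
        return False
    # Strict match: no bytes may follow the hash inside the block.
    return t == SHA1_PREFIX + hashlib.sha1(data).digest()

if __name__ == "__main__":
    sig = sign(b"pay 10 EUR")  # constructed sample message
    print(verify_compare_padded(b"pay 10 EUR", sig), verify_strip_padding(b"pay 10 EUR", sig))
    print(verify_compare_padded(b"pay 99 EUR", sig), verify_strip_padding(b"pay 99 EUR", sig))
```

Both verifiers use only the public exponent; comparing the whole padded block avoids having to parse the padding at all.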