I have two programs that sign information. One written in C, and one in
Java. The signature is verified on another program written in C. The C
based apps are using openssl 0.9.6a. The Java program is using standard JDK
functions. The signature that is created by the C based app is verified
using DSA_verify. This seems to be working fine. The signature that is
created by the Java app is verified using the EVP_VerifyFinal function. If I
use the DSA_verify function on the Java created signature, it fails. I use
openssl command line args to have openssl verify a signature placed in a file
created by Java. Here is the command line argument:
openssl dgst -dss1 -verify <PEM Pub key> -signature <DSA Signature created by
java> datafile
is tracing through the code, I found that this command line argument depends
on EVP_VerifyFinal to work.
My question is, how come I need 2 different functions to verify signatures
that originate from the same private key?
Note : The Java app uses a PKCS8 form of the private key and the C app uses a
DER form of the private key.
thanks for any help......
--
Mark Webb
Software Engineer
Dolphin Technology
1300B Floyd Ave
Rome, NY 13440
Phone: (315) 334-4892 x222
Fax: (315) 339-4846
Email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
