Re: question on DSA_verify vs EVP_VerifyFinal

Sat, 01 Sep 2001 18:33:09 -0700 



"Mark W. Webb" wrote:
> 
> I have two programs that sign information.  One written in C, and one in
> Java.  The signature is verified on another program written in C.  The C
> based apps are using openssl 0.9.6a.  The Java program is using standard JDK
> functions.  The signature that is created by the C based app is verified
> using DSA_verify.  This seems to be working fine.  The signature that is
> created by the Java app is verified using the EVP_VerifyFinal function.  If I
> use the DSA_verify function on the Java created signature, it fails.  I  use
> openssl command line args to have openssl verify a signature placed in a file
> created by Java.  Here is the command line argument:
> 
> openssl dgst -dss1 -verify <PEM Pub key> -signature <DSA Signature created by
> java> datafile
> 
> is tracing through the code, I found that this command line argument depends
> on EVP_VerifyFinal to work.
> 
> My question is, how come I need 2 different functions to verify signatures
> that originate from the same private key?
> 
> Note : The Java app uses a PKCS8 form of the private key and the C app uses a
> DER form of the private key.
> 

This should be in openssl-users...

Anyway. EVP_Verify*() digests data and then verifies the signature using
the digest and the relevant public key algorithm. They are high level
functions in that all you need to do to use a different algorithm is
change the parameters.

DSA_verify on the other hand is a lower level function that will only
work with DSA. Also it doesn't do the digesting itself you have to pass
it the digest rather than the data to be digested.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to