Re: question on DSA_verify vs EVP_VerifyFinal

Tue, 04 Sep 2001 08:27:07 -0700 

On Saturday 01 September 2001 07:49 am, you wrote:

Thanks for getting back to me.....

What you are saying makes sense, I just do not know why EVP_VerifyFinal 
passes a signature coming from Java, and DSA_verify fails it?  There must be 
some difference between the two.



> "Mark W. Webb" wrote:
> > I have two programs that sign information.  One written in C, and one in
> > Java.  The signature is verified on another program written in C.  The C
> > based apps are using openssl 0.9.6a.  The Java program is using standard
> > JDK functions.  The signature that is created by the C based app is
> > verified using DSA_verify.  This seems to be working fine.  The signature
> > that is created by the Java app is verified using the EVP_VerifyFinal
> > function.  If I use the DSA_verify function on the Java created
> > signature, it fails.  I  use openssl command line args to have openssl
> > verify a signature placed in a file created by Java.  Here is the command
> > line argument:
> >
> > openssl dgst -dss1 -verify <PEM Pub key> -signature <DSA Signature
> > created by java> datafile
> >
> > is tracing through the code, I found that this command line argument
> > depends on  to work.
> >
> > My question is, how come I need 2 different functions to verify
> > signatures that originate from the same private key?
> >
> > Note : The Java app uses a PKCS8 form of the private key and the C app
> > uses a DER form of the private key.
>
> This should be in openssl-users...
>
> Anyway. EVP_Verify*() digests data and then verifies the signature using
> the digest and the relevant public key algorithm. They are high level
> functions in that all you need to do to use a different algorithm is
> change the parameters.
>
> DSA_verify on the other hand is a lower level function that will only
> work with DSA. Also it doesn't do the digesting itself you have to pass
> it the digest rather than the data to be digested.
>
> Steve.

-- 
Mark Webb
Software Engineer
Dolphin Technology
1300B Floyd Ave
Rome, NY 13440
        
Phone: (315) 334-4892 x222
Fax: (315) 339-4846
Email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to