KB,

Sorry, that assumed you wanted to verify (another) certificate. Once you have the EVP_PKEY, you can convert that to an RSA key using

    RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)

(see evp.h). I haven't used that particular call myself, but it should work.

Gerry

-----Original Message-----
From: jones, gerald
Sent: Friday, July 28, 2006 9:05 AM
To: 'openssl-dev@openssl.org'
Subject: RE: How to verify signature data with RSA PKCS1

KB,

You don't need to convert DER to PEM.

a) Use d2i_X509_fp(fp,x509) to read DER directly from the file into an X509 struct.

b)
    EVP_PKEY *pubKey = NULL;
    pubKey = X509_get_pubkey(x509);
    // make sure pubKey isn't still NULL

c)
    int status = 0;
    status = X509_verify(x509, pubKey);
    EVP_PKEY_free(pubKey);
    X509_free(x509);
    if (status == 1) // success

Gerry

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of k b
Sent: Friday, July 28, 2006 1:55 AM
To: openssl-dev@openssl.org
Subject: How to verify signature data with RSA PKCS1

Hi,

I'm trying to verify a signature which is a SHA1 hash of some data, encrypted with a private key with PKCS1 padding. I have a certificate in DER format. I think there are 2 ways to do this.

Approach One:

a) Read the X509 using PEM_read_X509(fp, NULL, NULL, NULL), but there's a problem here: this function only reads a PEM format of the certificate, but I have DER. How do I convert DER to PEM? Or is there a corresponding method like PEM_read_X509 that works on DER?

b) Moving forward, let's say I have the X509, how do I get the RSA object from it?

c) Let's assume I get the RSA object (from the answer you may suggest), with which I decrypt the signature using

    RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding);

passing in the right padding type PKCS1.

d) Step 'c' would give me the hash, which I would then compare with my SHA1 hash of the data.

Approach Two:

a) Read the X509 using PEM_read_X509(fp, NULL, NULL, NULL), but I run into the same problem here as described in approach one step 'a', on how to convert DER to PEM.

b) Let's say step 'a' is all sorted out, and I have an X509 object in hand. I could just call

    int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen);

but I have a question about one of the arguments: what is the 'sLen' here? Can it be null?

So to sum it all up, I'll reiterate the questions:

1) How do I get RSA from an X509 object?

2) How do I convert DER to PEM, or is there a corresponding method to PEM_read_X509 that works on DER?

3) RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen); but I have a question about some of the arguments: what is the 'sLen' here?

I would appreciate any pointer.

KB

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                                [EMAIL PROTECTED]
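
Step d) of Approach One in the question compares the output of RSA_public_decrypt with a SHA-1 hash. When the signature came from a standard PKCS#1 v1.5 signer (as OpenSSL's RSA_sign produces), the bytes recovered with RSA_PKCS1_PADDING are a DER DigestInfo wrapping the hash, not the bare 20 bytes. The C code below is an added example, not code from this thread; check_recovered_sha1 and check_sample are hypothetical names and the sample hash is constructed.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20
#define PREFIX_LEN 15

/* DER header of a SHA-1 DigestInfo: SEQUENCE { AlgorithmIdentifier sha1, OCTET STRING[20] } */
static const unsigned char SHA1_PREFIX[PREFIX_LEN] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
/* Constructed sample digest: SHA-1("abc"). */
static const unsigned char SAMPLE_HASH[SHA1_LEN] = {
    0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
    0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d
};

/* rec / rec_len: output buffer and return value of
   RSA_public_decrypt(..., RSA_PKCS1_PADDING). Returns 1 only when rec is
   exactly DigestInfo(SHA-1, expected), 0 otherwise. (Hypothetical helper.) */
int check_recovered_sha1(const unsigned char *rec, int rec_len,
                         const unsigned char *expected)
{
    unsigned char diff = 0;
    int i;
    /* Exact length: rejects the -1 error return, a bare hash and trailing bytes. */
    if (rec == NULL || expected == NULL || rec_len != PREFIX_LEN + SHA1_LEN) return 0;
    if (memcmp(rec, SHA1_PREFIX, PREFIX_LEN) != 0) return 0;
    /* Compare the digest without an early exit on the first mismatch. */
    for (i = 0; i < SHA1_LEN; i++)
        diff |= (unsigned char)(rec[PREFIX_LEN + i] ^ expected[i]);
    return diff == 0;
}

/* Builds a constructed recovered block (prefix + SAMPLE_HASH), optionally
   flips one digest bit, and returns the check result. */
int check_sample(int flip_last_byte)
{
    unsigned char blk[PREFIX_LEN + SHA1_LEN];
    memcpy(blk, SHA1_PREFIX, PREFIX_LEN);
    memcpy(blk + PREFIX_LEN, SAMPLE_HASH, SHA1_LEN);
    if (flip_last_byte) blk[sizeof blk - 1] ^= 0x01;
    return check_recovered_sha1(blk, (int)sizeof blk, SAMPLE_HASH);
}

int main(void)
{
    printf("good=%d tampered=%d bare=%d\n", check_sample(0), check_sample(1),
           check_recovered_sha1(SAMPLE_HASH, SHA1_LEN, SAMPLE_HASH));
    return 0;
}
```

OpenSSL's RSA_verify with NID_sha1 performs the public-key operation and this DigestInfo comparison in a single call, which avoids hand-rolling the check.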