> From: [email protected] On Behalf Of Sam SunSon
> Sent: Wednesday, 05 October, 2011 04:07
> Yes, SHA1 digest computed on the BB using it's API (class SHA1Digest)
> whatever equals the SHA1 of the same data computed by OpenSSL (SHA1
> function, not commandline).
>
> Here's the piece of code that verifies signature on PC's side:
> int verifyRes = RSA_verify(opensslHashType,(unsigned char
> *)inputData,inputDataLen,(unsigned char *)signatureData,
> signDataLen,key);
> All input data is 100% correct as well as key's public
> exponent and modulus.
> opensslHashType is NID_sha1.
>
And if that call returns 0 what does the errorstack say?
<snip old>
If you want to look at this manually either:
- commandline: get sig and publickey in files and
openssl rsautl -verify -in sig -inkey pubkey -pubin -hexdump
# dft is PKCS1 if it says invalid padding try adding -raw
- program: call RSA_public_decrypt (siglen,sig, outbuf, pubkey,
RSA_PKCS1_PADDING) where outbuf is (at least) the keysize
and look at the output (return value > 0 is length in outbuf)
with for(i=0;i<len;i++)printf("%02x ",buf[i]) or debugger or similar.
If return -1 and errorstack says invalid padding try RSA_NO_PADDING.
Output for default=PKCS1 padding it should be an ASN.1 DER SEQUENCE
of AlgorithmIdentifier for SHA1 then OCTETSTRING of the hash-of-data.
If PKCS1-unpad output is something different, your signer may be
nonstandard. Post it and maybe we (collectively) can figure it out.
If the no-unpad result is garbage, recheck your pubkey matches the
signer; any mismatch even tiny results in effectively random bits.
If it does, and you can't figure out the result from looking at it,
post it and maybe someone will recognize it.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
