Yes this should work and does for me. The only setup for RSA_verify itself is that the inputs are correct,
and possibly locking works if you are using multithreading. On most platforms OpenSSL’s provided locking works already, but on some weird systems you might need to tweak it. If you want to handle errors – and you should always want to handle errors – usually you want to use ERR_error_string and/or ERR_print_errors* and those should have ERR_load_*_strings as setup. The nice thing about RSA signatures is that you can debug them. Assuming you have the signature in a file (which using commandline dgst –sign you do) and you have the key in a file (certainly) openssl rsautl –verify –in sigfile –inkey keyfile [-keyform der if needed] –out internal will (contrary to the name) do only part of RSA verify – the RSA modexp and the unpad, but not the ASN.1 parse and compare. Hexdump ‘internal’, or run it through openssl asn1parse –in internal –inform der and you should see an ASN.1 SEQUENCE containing a SEQUENCE of OID and NULL, then an OCTETSTRING containing the hash of the data (compare to plain dgst result). From: [email protected] [mailto:[email protected]] On Behalf Of sundarajan Srinivasan Sent: Thursday, April 17, 2014 22:20 To: [email protected] Subject: *** Spam *** Regarding openssl RSA_verify() api on openssl_1.0.0a Hi, I am using openssl_1.0.0a. My question is about the RSA_verify() api. First of all, can i use the RSA_verify() api to verify a signature which was generated using openssl commandline (openssl dgst -sign -sha256 ) ?. Should RSA_sign() always preceed RSA_verify() or the apis can be interchangeably used with commandline openssl as well?, like can i sign an image with commandline openssl tool and verify it in C code with RSA_verify() using sha256 or sha1?. Secondly im using the api like below. But it doesnt work for me( I get a return value of 0, because ASN1_get_object() in asn1_check_tlen() fails and returns i=128 for the case: ASN1_ITYPE_SEQUENCE). All the parameters to the api are valid. Is there any preliminary setup that should be done before calling RSA_verify() ?. ret = RSA_verify(NID_sha256, digest_ptr, digest_size, signature_ptr, SIGNATURE_SIZE, rsa_key); Need your help to resolve it. Please let me know if you need more info. Thanks, Sundarajan.
