Thanks for the info... but was there anything obviously wrong with that test
application that I wrote??

-----Original Message-----
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 22, 2000 6:00 PM
To: [EMAIL PROTECTED]
Subject: Re: CryptoAPI and OpenSSL compatibility




Dicky Liu wrote:
> 
> Hi, all,
> 
> Currently, we have an existing system running on Windows NT using
> Microsoft's cryptoAPI which has been working okay for us.  We now want to be
> able to connect to this system from a UNIX platform to transfer, sign, and
> validate data.  For the UNIX platform, we were intending on using OpenSSL
> for the crypto implementation.  The main thing we wanted to be able to do is
> hash and sign data using CryptSignHash() from the Microsoft side, and verify
> the signature on the UNIX side using OpenSSL's EVP_Verify (EVP_VerifyInit,
> EVP_VerifyUpdate, EVP_VerifyFinal).  We also want to sign with OpenSSL and
> verify with CryptoAPI.
> 
> After searching through the archive, I didn't really find a clear case in
> which someone said they had success doing this, but I did find a posting by
> Jiri Holinek ([EMAIL PROTECTED]) in which he encountered an ASN1 encoding
> problem when he tried to sign and validate across the two crypto
> implementations.  I did compare the signatures generated with the same key
> pair from the two platforms, and it wasn't a big endian, little endian
> problem.
> 
> Is this even possible, or is there an ASN encoding incompatibility??
> 

Yes it can be done, it has been done and yes I've personally done this.

There shouldn't be an ASN1 encoding issue, just an endian issue.
Specifically you need to reverse the byte order of the signatures
out of CryptoAPI and reverse the order when you input signatures to
verify with CryptoAPI.

I'm putting it that way because CryptoAPI, for whatever reason,
is non-standard. The standards say you use big endian, CryptoAPI
chooses not to.

Of course you could always compile OpenSSL on NT and use that for
both.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________