>RSA_public_decrypt() does return 35 bytes of something that I don't
>know what is. Maybe a hash and some information about the hash algorithm?
>I don't know how to "decode" this returned binary blob?
>One should know signature details. It's hard to guess what
>is 35-bytes-size object. It's not SHA1 or MD5 value.
>My best guess is 36-bytes-long SHA1+MD5
>hash specified for SSL client authentication.
I ASN.1 parsed the 35-byte blob, and it looks like this:
0:d=0 hl=2 l= 33 cons: SEQUENCE
2:d=1 hl=2 l= 9 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :sha1
11:d=2 hl=2 l= 0 prim: NULL
13:d=1 hl=2 l= 20 prim: OCTET STRING
I think I've got it now.
I found another funtion, RSA_verify(), which actually does all the verification.
All you have to do is supply a hash of the signed data.
It only has one downside.... you have to know in advance what algorithm that was used
when signing the data.
Thanks,
Kim
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
