"Howard Chan" <[EMAIL PROTECTED]> writes:

> I have this file which used sha1 hash algorithm to obtain its message
> digest, and subsequently the digest was encrypted (signed) using RSA
> algorithm with a private key from a X.509 certificate.

I don't think you can get a private key from an X509 certificate, maybe you meant a PKCS12. Anyway...

> Now, I have the original file, the signed message digest (from above),
> and I have the corresponding public key of the X.509 certificate.
>
> My question is; what openssl commands can I use now to verify the
> signature of the signed message digest?

OpenSSL provides a set of functions called EVP to sign and verify.

To sign:

    EVP_PKEY *pkey;                      /* your private key */
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();  /* EVP_MD_CTX is opaque since OpenSSL 1.1.0 */
    unsigned int signature_len;

    EVP_SignInit(ctx, EVP_sha1());
    EVP_SignUpdate(ctx, your_data, your_data_size);   /* n calls */
    if (!EVP_SignFinal(ctx, signature_buffer, &signature_len, pkey)) {
        /* unable to sign */
    }
    EVP_MD_CTX_free(ctx);

To verify:

    EVP_PKEY *pkey;                      /* your public key */
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();

    EVP_VerifyInit(ctx, EVP_sha1());     /* same digest that was used to sign */
    EVP_VerifyUpdate(ctx, original_data, original_data_size);
    /* EVP_VerifyFinal returns 1 = valid, 0 = bad signature, -1 = error */
    if (EVP_VerifyFinal(ctx, signature_buffer, signature_size, pkey) != 1) {
        /* unable to verify */
    }
    EVP_MD_CTX_free(ctx);

> I have created the message digest of the original file already. I now
> want to know "what can I do with the signed message digest so that I
> can decrypt it (verify) using the public key?"
>
> After decrypting (verifying) it, am I supposed to get the same message
> digest which I created earlier from the original file?

Yes, that's it. When you get the signature (the encrypted message digest) it will be decrypted and compared with the message digest calculated with the data you have provided to verify with.

regards,
aleix
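The command-line equivalent of the exchange above, as an added example that is not part of the original message: it verifies a SHA-1/RSA signature in one step, then recovers the signed digest with the public key and compares it with the file's own digest. The key pair, file names and file contents are constructed for the demo; with a real certificate the public key would first be extracted using `openssl x509 -in cert.pem -pubkey -noout`.

```shell
#!/bin/sh
# Added example: throwaway key and constructed sample file, not from the thread.

# Build a demo key pair, a sample file and its SHA-1/RSA signature in DIR.
make_fixture() {   # make_fixture DIR
    openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
    printf 'constructed sample file contents\n' > "$1/file.txt"
    openssl dgst -sha1 -sign "$1/priv.pem" -out "$1/file.sig" "$1/file.txt"
}

# One-step check: hash FILE and verify SIG over that hash.
# Exit status is 0 only when the signature is valid.
verify_file() {   # verify_file PUBKEY SIG FILE
    openssl dgst -sha1 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# Manual route from the question: apply the public key to the signature.
# The recovered block is an ASN.1 DigestInfo whose last 20 bytes are the
# SHA-1 digest that was signed; print those bytes as hex.
recovered_digest() {   # recovered_digest PUBKEY SIG
    openssl pkeyutl -verifyrecover -pubin -inkey "$1" -in "$2" |
        tail -c 20 | od -An -tx1 | tr -d ' \n'
}

# SHA-1 of the file as 40 hex characters, computed independently.
file_digest() {   # file_digest FILE
    openssl dgst -sha1 -r "$1" | cut -c1-40
}

# Demo run in a temporary directory.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
if verify_file "$demo_dir/pub.pem" "$demo_dir/file.sig" "$demo_dir/file.txt"; then
    echo "signature: valid"
else
    echo "signature: INVALID"
fi
echo "recovered: $(recovered_digest "$demo_dir/pub.pem" "$demo_dir/file.sig")"
echo "computed:  $(file_digest "$demo_dir/file.txt")"
rm -rf "$demo_dir"
```

The two hex strings match only when the file is unchanged. In scripts, rely on the exit status of `verify_file` rather than comparing digests by hand, since `openssl dgst -verify` also checks the padding and the digest algorithm identifier.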