On Wed, May 11, 2005, Andreas Hoffmann wrote:

> >To see the format used you can do:
> >
> >openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
> >
> >and post the result. Also try it with the -asn1parse option instead of
> >-hexdump.
>
> # openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -asn1parse
> Error in encoding
> 15952:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
>
> # openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -hexdump
> 0000 - 4f 23 50 15 e1 24 51 a2-4d 86 28 4c 4a 3b 50 29   O#P..$Q.M.(LJ;P)
> 0010 - f0 13 ad 14                                       ....
>
> this is exactly the expected data:
> 4f235015 e12451a2 4d86284c 4a3b5029 f013ad14
>
> So is there a way to verify the hex-data?

Well that means whatever generated that signature is using a non-standard
technique, if it can be made to use PKCS#1 then that would be best. That
isn't hard to do if you've any control over the format.

Alternatively you can manually do the compare. In outline you'd call
RSA_public_decrypt() to obtain the signed digest, check its length is
correct, call EVP_Digest{Init,Update,Final} to calculate the expected
digest and finally compare the two.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
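
The manual comparison outlined in the reply above, as an added example that is not part of the original thread or of OpenSSL: Python integer arithmetic stands in for RSA_public_decrypt() and hashlib for the EVP digest calls. SHA-1 is assumed from the 20-byte payload; the key (built from two Mersenne primes), the sample message and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed test key (two Mersenne primes): NOT secure, it only lets the example run offline.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, used only to build the sample
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def sign_raw_digest(data: bytes) -> bytes:
    """Sample generator: signs the bare SHA-1 digest, with no DigestInfo wrapper."""
    digest = hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - 3 - len(digest)) + b"\x00" + digest
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def public_decrypt(sig: bytes) -> bytes:
    """Public-key operation s^e mod n, then strip the 00 01 FF..FF 00 block type 1 padding."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        raise ValueError("signature out of range")
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)       # separator after the FF run; -1 if absent
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad block type 1 padding")
    return em[sep + 1:]


def verify_raw_digest(sig: bytes, data: bytes) -> bool:
    """Decrypt, check the length, recompute the digest, compare."""
    try:
        recovered = public_decrypt(sig)
    except ValueError:
        return False
    # A bare SHA-1 digest is 20 bytes; a PKCS#1 DigestInfo for SHA-1 would be 35.
    if len(recovered) != hashlib.sha1().digest_size:
        return False
    return hmac.compare_digest(recovered, hashlib.sha1(data).digest())


if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = sign_raw_digest(msg)
    print(public_decrypt(sig).hex())            # recovered 20-byte digest
    print(verify_raw_digest(sig, msg))          # matching data
    print(verify_raw_digest(sig, msg + b"!"))   # altered data
```

The length check is what separates this format from a standard PKCS#1 signature: a payload of exactly the digest size is a bare hash, which is why -asn1parse failed on it.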