On Tue, Feb 27, 2007, Zhuang Yuyao wrote: > Victor Duchovni wrote: > >On Tue, Feb 27, 2007 at 09:52:38AM +0800, Zhuang Yuyao wrote: > > > >>I need to verify a message digest and its signature with a X.509 > >>certificate. As far as I known, the procedure may looks like this: > >>pubkey = X509_get_pubkey(x); > >>rsa = EVP_PKEY_get1_RSA(pkey); > >>RSA_public_decrypt(signature_len, signature, rsa_out, rsa, pad); > >>memcmp(rsa_out, message_digest, message_digest_len); > > > > man EVP_VerifyInit > > > > the original message is required to do > EVP_VerifyInit() > EVP_VerifyUpdate() > EVP_VerifyFinal(). > > but my question is: I do not have the original message but only have the > digest of the message. how can I verify this message digest and its > signature. >
The only algorithm neutral way to do this currently is with the EVP_PKEY_verify() function which is only present in OpenSSL 0.9.9-dev. Previous versions will need algorithm specific solutions but there are only 3 algorithms to cover: RSA, DSA, ECDSA. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
