I ran this command line:

    openssl rsautl -verify -in "mysignaturefile.sig" -pubin -inkey "public.key" -asn1parse

...and got this:

    Loading 'screen' into random state - done
    RSA operation error
    5924:error:0406706C:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data greater than mod len:.\crypto\rsa\rsa_eay.c:660:

If the php internal openssl code verifies this signature, and the external openssl.exe binary generates the listing above, does this indicate a bug in openssl.exe?

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John M. Simmons
Sent: Tuesday, October 16, 2007 12:06 PM
To: openssl-users@openssl.org
Subject: openssl.exe question

I'm attempting to implement some single sign-on code from this site:

http://www.single-signon.com/en/single-signon.html

I downloaded their PHP-based agent code, and successfully ran it on our IIS7 server. The PHP code can use either PHP's internal openssl code, or can be configured to use the external openssl binaries. As implemented, the external openssl utility cannot possibly run correctly because the command line built for it assumes it's running on a Unix-based server. Establishing these results was necessary to determine that the original php code would work.

Next, I converted the PHP code to C# (.Net 2.0), and it also runs fine on our IIS7 server. However, I had to come up with a different way to run the external openssl windows binaries. This meant using the following command line:

    C:\openssl\bin\openssl.exe dgst -sha1 -out "unique_fname.out" -verify "my_public.key" -signature "unique_fname.sig" "unique_fname.dgs"

The file "unique_fname.dgs" contains the query string up to - but not including - the signature portion.
The file "unique_fname.sig" contains the decoded signature that was passed as part of the query string.
The file "unique_fname.out" will contain the results of the verification attempt.

When I run the original PHP code, the internal openssl module returns "Verify OK" with a given query string/public key/signature. Using my C# code, the external openssl.exe utility returns "Verification Failure" in "unique_fname.out" with the same query string/public key/signature. What could I be doing to prevent openssl from verifying that the signature is valid?
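
Added example, not part of the original thread: the rsautl error quoted above, "data greater than mod len", is raised when the input is longer than the key's modulus, so one check to make before running `dgst -verify` is that the signature file is exactly as many bytes as the modulus. The key pair, query string, file names and helper functions below are constructed for illustration, and the base64 copy stands in for a signature that was not decoded to raw bytes.

```shell
#!/bin/sh
# Added example: every key, file name and value here is constructed, not from the thread.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_fixture() {
    # Constructed 2048-bit test key pair and a constructed query string to sign.
    openssl genrsa -out "$work/private.key" 2048 2>/dev/null
    openssl rsa -in "$work/private.key" -pubout -out "$work/public.key" 2>/dev/null
    printf '%s' 'user=jdoe&expires=1192550760' > "$work/data.dgs"
    openssl dgst -sha1 -sign "$work/private.key" -out "$work/data.sig" "$work/data.dgs"
    # The same signature as text, as it would travel inside a query string.
    openssl base64 -A -in "$work/data.sig" -out "$work/data.sig.b64"
}

modulus_bytes() {
    # $1 = public key file. Two hex digits of the modulus per byte.
    hex=$(openssl rsa -pubin -in "$1" -noout -modulus | sed 's/^Modulus=//')
    echo $(( ${#hex} / 2 ))
}

file_bytes() {
    wc -c < "$1" | tr -d ' '
}

check_sig_length() {
    # $1 = public key, $2 = signature file.
    # A raw RSA signature is exactly as long as the modulus.
    [ "$(file_bytes "$2")" -eq "$(modulus_bytes "$1")" ]
}

verify() {
    # Same command shape as in the thread: $1 = key, $2 = signature, $3 = signed data.
    openssl dgst -sha1 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

make_fixture
for sig in data.sig data.sig.b64; do
    if check_sig_length "$work/public.key" "$work/$sig"; then len="matches modulus"
    else len="differs from modulus"; fi
    if verify "$work/public.key" "$work/$sig" "$work/data.dgs"; then res="Verified OK"
    else res="Verification Failure"; fi
    echo "$sig: $(file_bytes "$work/$sig") bytes ($len), $res"
done
```
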