Hello, We started working on a project several months ago that has a need for signature verification of an xml file. We had completed our tests and everything was woking. The provider of the file then sent us a new Public Key and said that it is what we will get for the live data. The file will not read into our programs (one in C++ and one in Java).
The C code that was working is as follows: pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL); fclose (fp); if (pkey == NULL) { error stuff } sigDatEnc = g_base64_decode( (gchar *) sigDat, &sigDatLen); EVP_VerifyInit(&md_ctx, EVP_sha512()); EVP_VerifyUpdate(&md_ctx, xmlDat, strlen((char *) xmlDat)); err = EVP_VerifyFinal (&md_ctx, sigDatEnc, sigDatLen, pkey); free(sigDatEnc); EVP_PKEY_free (pkey); It fails on the PEM_read_PUBKEY by returning a NULL when it tries to read in the file. The only help we can get from the provider is the following code (Perl) which woks for them: #!/usr/bin/perl use Crypt::OpenSSL::Random; use Crypt::OpenSSL::RSA; use MIME::Base64; my $packet = <<EOD; -----BEGIN GLOBAL ENERGY INNOVATIONS LICENSE DATA----- <license_data><mac>00:0D:15:00:74:1A</mac><version>1.0.0</version><serial>EC 1000-0900018</serial><module code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><coo kie>D2940155EEDB6C92E3FD703A63EC4527</cookie><time>1265407356</time></licens e_data> -----BEGIN GLOBAL ENERGY INNOVATIONS SIGNATURE----- JkNJD5EG0o+ioFc67Ud+GWuoCjKHgdi9AzGC3B7yqf1QxBR8B4H5/owRrsgcB/KMjV2VP7drWWWD ETcS60FfYVLsUsakj69tCC8aVZCdkSeXmcvRvva8YzTi5oPzflDC8/o/MrMvy1+o8GgfgPTuAeSy iCGnI0R1KVIWiAeRB859y4WCJ/ME+CB1zWhf+8QawosQzGtrOL+l+8PRQSHxAU1Lr+8VcIQdF7iW MYmeS7YDNZRoxfKHev527oNYlR4ymSzgrgjh7sweNwLVuAIfX89PIGXPRWJYyddeE6au8cgJ2LIK aVU1Kf8MpQfbCm3IKCXgOnGUUGiNclAbOkfI4fR7wwsPM3XyNCtm0vLKZ58bdRC3tUxH3bzveOff +uyYQB+yRRNvhqMFnVtWr9N2Zd67eAkHlMKlJjBz2qyDcyMLk2NcaOJtcerHYmviBZrUaGJ8WvH8 7zb0FGsHzlkyIbaWrwwXAFl/yWxTwh0sti3QObpIFvY6CgsoCktZg2mtWHCdblgydBYer1dHN37h fz54lZAC6m5GpKch/K7ChcfmeSgX/3euybP6ZjcUeeyFp5AGhG9xND/e7XPk93iCzj044PyDoQLG 75ZP00LTIwAkG0Vf2WR6O9gTJovCklP2eKxn4BN7UlM/4S5EUkrW4mbV9f34/qGkhqG8f10Xzig= -----END GLOBAL ENERGY INNOVATIONS SIGNATURE----- EOD my $public_key = <<EOD; -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAvW90MggAl07zMvyQdUk18/iOySyY8P/1vqC5XGNvC5aXIvC8UDpU 2v8EK40SUc0FEqP8g893HgW+yDJa7SF2VyW2IEcnum2yot2ifGHjCDUnea2W5wBO aFlY9Co9VXDLhRJNQyXyfKCXL/xiM2O2Py1x0+SIXkc1ml2M0x4Fb4QsMO5E2Y6o 2mRVlPlooDPkj4BijvVX/EiPWpfbQAoidk8urHif5OTdIyqunce6b1Fqz7NH118n DVQp/Txk6hGtGkHxYCC0biG20+u6XlD9qkYWn2KYqxBxJZvV12YO3pC1kzYAR9Xy VlCfyHK8pGdcHO8LHZsWR5PeryNBWU14xlOVQsziFE4oMyEiSt00cUQhF+yCLQpr T7+xvKTGA9YTXfI59LprKMXN5RPCBF5WuQZoxlREQMjhYV+b1rQx1jkkrflA0liF oTgkrGw5mxk9jlQbFNeY4eVAudF3w2OdVD/N5UNoR+L7Jj1gAJjEV6what uYQrJ9f58h 7UzsktkHPgROncZGGZLDM/acRbzar3Iv4CK8hnsHrAan8qd7jh9kU8DEXQ1Is2qf w1/BMX4DPfijY1zboqUbrFwAmq7twoiTJPK+++aYBU7fu5tvRIPIXdziGOkWmrc6 gjsIQA8GoM4am19VlD6P1inHMa1P4s8Md6AvbeAPkWXGmsYdsHvRDo8CAwEAAQ== -----END RSA PUBLIC KEY----- EOD my ($payload, $signature) = ($packet =~ m{--\n(.*?)--[^\n]+\n(.*?)--}ms); my $decoded_signature = decode_base64($signature); my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($public_key); $rsa_pub->use_sha512_hash(); if ($rsa_pub->verify($payload, $decoded_signature)) { print "Signature verifies.\n"; } else { print "Signature DOES NOT verify.\n"; } My question is -- can anyone tell me what OpenSSL function calls (in both C and Java) are made using this code written in Perl? I suppose a secondary question would be -- what function would read in this Public key from a file as my original code did? Thank you for the help Jim