A failed signature verification can have many causes.  E.g.,

- bad digest
- bad signature
- bad public key
- bad OID

I debug by doing a raw public key operation on the signature.  If you see
obvious padding and a good OID, and the digest doesn't match, then you
have to debug why the hash that was signed is different from the hash that
was verified.

If you see random data, no padding, then either the signature was altered
(unlikely) or the public key used for verification does not match the
private key used for signing (likely).

Hint:  While you can do cool things with C, combining a function call
and two compares within an if statement is poor style when you have to
debug.  Split the line into 3 so you can determine where the error is.

owner-openssl-us...@openssl.org wrote on 09/22/2011 09:19:07 AM:

> From: brajan <balamurugan....@gmail.com>
> To: openssl-users@openssl.org
> Date: 09/22/2011 09:22 AM
> Subject: Error While Signature verification ..
> Sent by: owner-openssl-us...@openssl.org
> 
> 
> hi i am using openssl 0.9.8g version to verify the Java signed message. while
> verifying i got bad signature error however the same signature is verified
> in the Java correctly ... error occur in
> 
> 
>    if (((unsigned int)sig->digest->length != m_len) ||
> (memcmp(m,sig->digest->data,m_len) != 0))
>    {
>           RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
>    }
>    else
>       ret=1;
> 
> why this error occurring. and how to overcome this error
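
The debugging approach described in the reply above (raw public key operation, then inspect padding, OID and digest), as an added example that is not part of the original thread and is not OpenSSL code. The function names are hypothetical, and the key is a constructed toy key built from Mersenne primes, insecure and for demonstration only.

```python
import hashlib

# DER DigestInfo prefixes (hash OID + OCTET STRING header), from RFC 8017
PREFIXES = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def raw_public_op(sig, n, e):
    """s^e mod n as a modulus-sized block, with no unpadding applied."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")

def diagnose(sig, n, e, message, expected_hash="sha256"):
    """Classify a verification failure by looking at the recovered block."""
    em = raw_public_op(sig, n, e)
    sep = em.find(b"\x00", 2)
    # PKCS#1 v1.5 type 1 block: 00 01 FF..FF (at least 8) 00 DigestInfo
    if em[:2] != b"\x00\x01" or sep < 10 or set(em[2:sep]) != {0xFF}:
        return "no padding: wrong public key (likely) or altered signature"
    digest_info = em[sep + 1:]
    for name, prefix in PREFIXES.items():
        if digest_info.startswith(prefix):
            break
    else:
        return "bad OID: unrecognised DigestInfo"
    if name != expected_hash:
        return f"bad OID: signer used {name}, verifier expects {expected_hash}"
    if digest_info[len(prefix):] != hashlib.new(name, message).digest():
        return "bad digest: signed hash differs from verified hash"
    return "ok"

def toy_sign(message, n, d, hash_name):
    """Textbook PKCS#1 v1.5 signing, only to produce sample input."""
    k = (n.bit_length() + 7) // 8
    t = PREFIXES[hash_name] + hashlib.new(hash_name, message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

# Constructed toy keys (Mersenne primes, trivially factorable)
E = 65537
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
N_OTHER = (2**607 - 1) * (2**1279 - 1)  # a public key that does not match D
```

A "bad digest" result with intact padding usually means the two sides hashed different bytes (encoding, line endings, a trailing newline), which is where to look when one implementation verifies and another does not.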
