Hello,

----- ORIGINAL MESSAGE -----
From: "Dave Thompson" <dthomp...@prinpay.com>
To: openssl-users@openssl.org
Subject: RE: how to (more manually) verify signature in SignedData ?
Date: 22.1.2013 - 0:33:35
> The RSA-signed value is not just the hash, but a small
> structure encoding it, and pkeyutl needs to be told that.
> Add (at the end) -pkeyopt digest:sha256 .

$ openssl pkeyutl -verify -in signedAttrs-with-SET.sha256 -sigfile sig -certin -inkey cert.pem -pkeyopt digest:sha256
Signature Verified Successfully
$

Yes :-)))

> Since you're using RSA, you can see this by (instead) doing
> pkeyutl -verifyrecover -in sig -certin&inkey -hexdump .
> You'll see a SEQUENCE of AlgID which is OID=sha256,NULL
> and OCTET STRING which is the actual hash value.

$ openssl pkeyutl -verifyrecover -in sig -certin -inkey cert.pem -hexdump
0000 - 30 31 30 0d 06 09 60 86-48 01 65 03 04 02 01 05   010...`.H.e.....
0010 - 00 04 20 9a 06 83 c6 8f-f4 50 76 8f e7 91 e4 34   .. ......Pv....4
0020 - 7b fb 39 79 3a 80 93 b2-0b 2d a9 07 0f 34 a4 ba   {.9y:....-...4..
0030 - 46 9f 67                                          F.g
$ hexdump <signedAttrs-with-SET.sha256
0000000 069a c683 f48f 7650 e78f e491 7b34 39fb
0000010 3a79 9380 0bb2 a92d 0f07 a434 46ba 679f

Yes - in the hash there is only a little/big-endian encoding difference.

Thank you very much for your help!

Best regards
--kapetr
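
Added example, not part of the original messages: Python code that decodes the DigestInfo bytes from the -verifyrecover dump above and compares the embedded digest with the hexdump of signedAttrs-with-SET.sha256, undoing hexdump's default display of 16-bit words in host byte order (assumed little-endian here). The byte strings are copied from the two dumps above; the function names are illustrative.

```python
# Bytes copied from the two dumps in the message above (added example).
RECOVERED = bytes.fromhex(
    "3031300d060960864801650304020105" "0004209a0683c68ff450768fe791e434"
    "7bfb39793a8093b20b2da9070f34a4ba" "469f67")
HEXDUMP_WORDS = ("069a c683 f48f 7650 e78f e491 7b34 39fb "
                 "3a79 9380 0bb2 a92d 0f07 a434 46ba 679f")

def read_tlv(buf, pos, want_tag):
    """Read one DER TLV with a short-form length; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag {want_tag:#04x} at offset {pos}")
    end = pos + 2 + buf[pos + 1]
    if buf[pos + 1] & 0x80 or end > len(buf):
        raise ValueError("long-form length or truncated value")
    return buf[pos + 2:end], end

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends one base-128 arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_digest_info(der):
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }"""
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after DigestInfo")
    alg, pos = read_tlv(seq, 0, 0x30)
    oid, after_oid = read_tlv(alg, 0, 0x06)
    if alg[after_oid:] != b"\x05\x00":
        raise ValueError("expected NULL parameters")
    digest, pos = read_tlv(seq, pos, 0x04)
    if pos != len(seq):
        raise ValueError("trailing bytes after digest")
    return decode_oid(oid), digest

def bytes_from_hexdump_words(text):
    """Undo hexdump's default 16-bit little-endian word grouping."""
    return b"".join(int(w, 16).to_bytes(2, "little") for w in text.split())

if __name__ == "__main__":
    oid, digest = parse_digest_info(RECOVERED)
    print(oid, digest.hex(), digest == bytes_from_hexdump_words(HEXDUMP_WORDS))
```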