On 08/16/2013 05:30 PM, Ken Goldman wrote:
The usual cause of a padding error is that the private key used to sign
does not correspond to the public key used to verify.
That is, unless you're a newbie to crypto. In that case the error is
that you're passing the length of an encrypted blob using strlen().
The way I typically debug is to do a raw public key operation and trace
the result.
Thanks for your response, Ken.
In my C code, I am able to sign and verify successfully if I use
RSA_sign() and RSA_verify() with a SHA1() hash. Same set of private and
public keys, same test message. And no strlen() on a binary buffer. :-)
However, I'm trying to use a FIPS capable OpenSSL and, in FIPS mode,
I get "Low level API call to digest SHA1 forbidden" when I call SHA1(),
so I switched to using EVP_DigestSign*() and EVP_DigestVerify*()
instead. Then I got the padding error during the verify operation.
--
Thomas J. Pinkl
1002 Elbow Lane
Warrington, PA 18976
T: (215) 491-0761
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
