Thanks again Richard for your help. I found out that I was using
std::string::append in my code, and that append stopped reading when it
reached a NULL byte in the signature (which is a valid byte given the hash
function) and that was truncating the signature.
On Fri, Jul 24, 2015 at 3:04 PM,
On 27 July 2015 at 17:30, Andrew Carpenter andrewc...@gmail.com wrote:
Thanks again Richard for your help. I found out that I was using
std::string::append in my code, and that append stopped reading when it
reached a NULL byte in the signature (which is a valid byte given the hash
function)
On 24 July 2015 at 13:32, Andrew Carpenter andrewc...@gmail.com wrote:
So my question is: What format should the signature file be in?
base64? DER? PKCS7? raw binary? Specifically I am talking about the
function EVP_DigestVerifyFinal(). What format should the *sig parameter be
in? The
Well, that's interesting. When I download and use your .sig file, I get the
same errors. How do you go about picking up your signature from the file
system?
On Fri, Jul 24, 2015 at 11:55 AM, Richard Moore richmoor...@gmail.com
wrote:
On 24 July 2015 at 13:32, Andrew Carpenter
On 24 July 2015 at 19:30, Andrew Carpenter andrewc...@gmail.com wrote:
Well, that's interesting. When I download and use your .sig file, I get
the same errors. How do you go about picking up your signature from the
file system?
Nothing special:
Thanks so much for your response Richard. I appreciate your time. That's
pretty much the same thing I'm doing
On Fri, Jul 24, 2015 at 2:59 PM, Richard Moore richmoor...@gmail.com
wrote:
On 24 July 2015 at 19:30, Andrew Carpenter andrewc...@gmail.com wrote:
Well, that's interesting.
Hello,
I am trying to verify a signature using
EVP_DigestVerifyInit/Update/Final, and I keep getting the errors
ASN1_get_object:too long or ASN1_CHECK_TLEN: Bad Object Header or Wrong
Tag, and finally ASN1_ITEM_EX_D2I: Nested asn1 error. I believe that these
errors indicate that the
I am stuck on part (3) and don't see a clean way apart from
matching strings in subject field? If I hard-code
?
In my case, I am the one who is signing the executable using my certificate and a
cross certificate issued by Microsoft and I want to programmatically ensure
following things.
1. Code is not tampered since it was signed (matching messageDigest with
computed hash)
2. Verifying the digital signature
matching digest in spcIndirectData with computed hash. Plus
consistency checks to make sure the signature is actually for a PE file
and was not otherwise doctored. For instance there should be no bytes
in the file after the end of the signature blob.
2. Verifying the digital signature (PKCS7_Verify)
3
the signature is actually for a PE file
and was not otherwise doctored. For instance there should be no bytes
in the file after the end of the signature blob.
2. Verifying the digital signature (PKCS7_Verify)
3. Confirming that the executable is signed by my company certificate.
I am stuck
with computed hash)
Actually matching digest in spcIndirectData with computed hash. Plus
consistency checks to make sure the signature is actually for a PE file
and was not otherwise doctored. For instance there should be no bytes
in the file after the end of the signature blob.
2. Verifying the digital
On 07/09/2014 05:43, Prasad Dabak wrote:
Hello,
Given a signed Windows portable executable, I want to programmatically
verify two things using openssl APIs
1. Verify the digital signature.
2. Confirm that the executable is signed by a specific company using
that company's public key.
It
Hello,
Given a signed Windows portable executable, I want to programmatically verify
two things using openssl APIs
1. Verify the digital signature.
2. Confirm that the executable is signed by a specific company using that
company's public key.
It seems that part (1) can be done by parsing
On Tue, Apr 13, 2010, Chris Bare wrote:
Additional candidate signer certificates need to be included in the
-verify_other option.
If the OCSP signing certificate is self signed then it needs to be explicitly
trusted, which is the -VAfile option; if you use that it will also be
This command works:
openssl ocsp -issuer issuer.pem -VAfile trusted_dir/ocsp_signer.pem -url
http://ocsp.test.com -cert cert.pem -resp_text
but this fails:
openssl ocsp -issuer issuer.pem -CApath trusted_dir -url http://ocsp.test.com
-cert cert.pem -resp_text
with:
On Tue, Apr 13, 2010, Chris Bare wrote:
This command works:
openssl ocsp -issuer issuer.pem -VAfile trusted_dir/ocsp_signer.pem -url
http://ocsp.test.com -cert cert.pem -resp_text
but this fails:
openssl ocsp -issuer issuer.pem -CApath trusted_dir -url http://ocsp.test.com
-cert
Additional candidate signer certificates need to be included in the
-verify_other option.
If the OCSP signing certificate is self signed then it needs to be explicitly
trusted, which is the -VAfile option; if you use that it will also be searched
as a signer.
doesn't putting it in the
Andreas Hoffmann wrote:
...
md_ctx = EVP_MD_CTX_create();
EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL);
EVP_VerifyUpdate(md_ctx, data, data_length);
/* EVP_VerifyFinal returns 1 on success, 0 on a bad signature, -1 on error */
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
if (sig_err == -1) {
    printf("An error occurred while verifying the signature!\n");
    ERR_print_errors_fp(stderr);
    exit(1);
}
else if (sig_err == 0) {
    printf("The signature does not match the data\n");
    ERR_print_errors_fp(stderr);
    exit(1);
}
else {
    printf("OK - The signature does match the data\n");
}
But the result
I think that the format of the signature is causing the problem;
normally the standard format of a signature is DER
format.
Abdou,
__
Discover the new Yahoo! Mail: 250 MB of storage space for
The signature contains the value which is extracted from the
socket-datastream and is 128Bytes (1024bit) long.
What is in a signature in DER format? - Is it just the signature itself
or is there additional information?
What do the error-messages mean -
- Is there some problem while verifying
Make this test to see exactly what you have as
errors.
if (err != 1) {
    ERR_print_errors_fp(stderr);
    exit(1);
}
Abdou,
,sig_err);
if (sig_err == -1) {
    printf("An error occurred while verifying the signature!\n");
    ERR_print_errors_fp(stderr);
    exit(1);
}
else if (sig_err == 0) {
    printf("The signature does not match the data\n");
    ERR_print_errors_fp(stderr);
    exit(1);
}
else
On Wed, May 11, 2005, Andreas Hoffmann wrote:
The signature contains the value which is extracted from the
socket-datastream and is 128Bytes (1024bit) long.
What is in a signature in DER format? - Is it just the signature itself
or is there additional information?
What do the
To see the format used you can do:
openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
and post the result. Also try it with the -asn1parse option instead of
-hexdump.
# openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem
-asn1parse
Error in encoding
On Wed, May 11, 2005, Andreas Hoffmann wrote:
To see the format used you can do:
openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
and post the result. Also try it with the -asn1parse option instead of
-hexdump.
# openssl rsautl -verify -certin -in
(md_ctx, EVP_sha1(), NULL );
EVP_VerifyUpdate(md_ctx, data, data_length);
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
if (sig_err == -1) {
    printf("An error occurred while verifying the signature!\n");
    ERR_print_errors_fp(stderr);
    exit(1);
}
else if (sig_err
Hello all,
I'm having troubles verifying a DSA signature created by a java application
with an openSSL application.
When I use an openSSL application that creates this signature, instead of
the java one, everything's working just fine.
The scenario:
The java based application (the client