Hi, I am trying to use OpenSSL to independently verify a CKM_ECDSA_SHA1 signature produced by a Safenet protect gold HSM. The signature verification with the error below, however using the HSM ctbrowse tool I can verify the signature being produced. Can anybody out there help me interpret what I'm getting back from the SafeNet device? Or any suggestions how I can validate it using OpenSSL without having a dependency on the HSM / libcryptoki etc?
This is the error I am getting: gm@dev:~/hsm/help$ ./a.out Signature verification: ERROR - error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long dumpasn1 doesn't seem to recognize the structure either: gm@dev:~/hsm/help$ dumpasn1 sig.dat Error: Invalid data encountered at position 2: E4 99. Hexdump of data: 0d0e0a0d0b0e0e0f Hexdump of signature (tool was run against raw format): e49938467bef558e63b25d8460ef753c51dfa3d277beecaeffb23f6c23deb6913de34391990c6150dea05472c91156026898477118b872ec2b26aa326799049c Demo verification source code: http://pastebin.com/PybRp0jq Certificate: -----BEGIN CERTIFICATE----- MIIBxTCCAXECAQEwCwYHKoZIzj0EAQUAMHExEjAQBgNVBAMTCWVjZHNhZGVtbzEQ MA4GA1UEChMHdGVzdG9yZzEUMBIGA1UECxMLdGVzdG9yZ3VuaXQxETAPBgNVBAcT CEJyaXNiYW5lMQwwCgYDVQQIEwNRbGQxEjAQBgNVBAYTCUF1c3RyYWxpYTAeFw0x MTA1MTEwNDIyNDVaFw0xMjA1MTAyMjIyNDVaMHExEjAQBgNVBAMTCWVjZHNhZGVt bzEQMA4GA1UEChMHdGVzdG9yZzEUMBIGA1UECxMLdGVzdG9yZ3VuaXQxETAPBgNV BAcTCEJyaXNiYW5lMQwwCgYDVQQIEwNRbGQxEjAQBgNVBAYTCUF1c3RyYWxpYTBZ MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDHDFQ1VOjE4hgdBsE3Qb/BurxJdUMOi Cbzw6Hn5I916NDppDpkEbYy3NXD15KifAF0JIpNalK8Uc3//o8lrIzIwCwYHKoZI zj0EAQUAA0EAGajEF/eDt3qlwdG8Zv1+yhwkrgL44UHsY0JGLog8TWBrNFqg6Qu/ SD3lJJv9g88rKtQs7DNbj5amNI4/kWaMcQ== -----END CERTIFICATE----- OpenSSL versions I've tried: OpenSSL 0.9.8g 19 Oct 2007, OpenSSL 0.9.8o 01 Jun 2010 Platfroms tested: Debian, Ubuntu, & Windows. Many thanks, Grant.
