A failed signature verification can have many causes. E.g.,
- bad digest
- bad signature
- bad public key
- bad OID
I debug by doing a raw public key operation on the signature. If you see
obvious padding and a good OID, and the digest doesn't match, then you
have to debug why the hash that was signed is different from the hash that
was verified.
If you see random data, no padding, then either the signature was altered
(unlikely) or the public key used for verification does not match the
private key used for signing (likely).
Hint: While you can do cool things with C, combining a function call
and two compares within an if statement is poor style when you have to
debug. Split the line into 3 so you can determine where the error is.
owner-openssl-us...@openssl.org wrote on 09/22/2011 09:19:07 AM:
From: brajan balamurugan@gmail.com
To: openssl-users@openssl.org
Date: 09/22/2011 09:22 AM
Subject: Error While Signature verification ..
Sent by: owner-openssl-us...@openssl.org
Hi, I am using OpenSSL version 0.9.8g to verify a Java-signed message. While
verifying I got a bad signature error; however, the same signature is verified
correctly in Java... The error occurs in
    /* RSA_verify(): compare the digest recovered from the signature's
       DigestInfo with the digest the caller passed in */
    if (((unsigned int)sig->digest->length != m_len) ||
        (memcmp(m, sig->digest->data, m_len) != 0))
        {
        RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
        }
    else
        ret = 1;
Why is this error occurring, and how can I overcome it?