very much,
>
> Diego Gonzalez
> -
> -
>
>
> -Original Message-
> From: Tomas Mraz
> Sent: Friday, September 30, 2022 1:22 AM
> To: GonzalezVillalobos, Diego ;
> openssl-users@openssl.org
> Subject: Re: Updating RSA public key generation and signature
>
Subject: Re: Updating RSA public key generation and signature verification from
1.1.1 to 3.0
Caution: This message originated from an External Source. Use proper caution
when opening attachments, clicking links, or responding.
Hi,
unfortunately I do not see anything wrong with the code. Does
yesterday I was helping someone debug a DigestVerify
issue. We were consistently getting the "first octet is invalid" error out of
the RSA PSS signature verification code, but the same inputs worked with
openssl dgst.
I wrote a fresh minimal program from scratch (really minimal, w
ret == 0) {
> cout << "EC Verify digest fails" << endl;
> break;
> } else if (ret < 0) {
> printf("Failed Final Verify
> %s\n",ERR_error_string(ERR_get_error(),NULL));
&
that, it is the
same. Could it be a bug?
Thank you,
Diego Gonzalez
------
-Original Message-
From: Tomas Mraz
Sent: Thursday, September 29, 2022 1:12 AM
To: Gon
Hi,
comments below.
On Wed, 2022-09-28 at 22:12 +, GonzalezVillalobos, Diego wrote:
> [AMD Official Use Only - General]
>
> Hello Tomas,
>
> I generated the key as you suggested, and I am no longer getting an
> error message! Thank you for that. Here is how I'm generating the key
> now:
>
break;
}
found_match = true;
cout << "SEV EC verification Succesful" << endl;
Could it be because I'm creating a ECDSA SIG object and then turning it into a
der format to verify? Again, suggestions would
break;
> }
>
> if (EVP_DigestVerifyUpdate(verify_md_ctx, child_cert,
> pub_key_offset) <= 0){ // Calls SHA256_UPDATE
> cout << "updating digest fails" << endl;
> break;
> }
>
> int ret = EVP_DigestVerifyFinal(verify_md_ctx,
> signature, sig_len);
>
cesful" << endl;
My current output when I reach EVP_DigestVerifyFinal is showing this error:
Failed Final Verify error:0395:digital envelope routines::no operation set
I have been playing around with it for a while, but I am stuck at this point.
Any advice would be appreciated.
Than
On Thu, 2022-09-08 at 16:10 +, GonzalezVillalobos, Diego via
openssl-users wrote:
> [AMD Official Use Only - General]
>
> Hello everyone,
>
> I am currently working on updating a signature verification function
> in C++ and I am a bit stuck. I am trying to replace the
[AMD Official Use Only - General]
Hello everyone,
I am currently working on updating a signature verification function in C++ and
I am a bit stuck. I am trying to replace the deprecated 1.1.1 functions to the
appropriate 3.0 versions. The function takes in 2 certificate objects (parent
and
I found that if the signing and verification are all done by command line or
all done by API, the verification will pass. But if cross, then failed. Any
default configuration are different?
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
I am working on the upgrade my program written 4 years before with updated
openssl version 1.1.0j from 1.0.1e. There are so many changes between the
two versions. I updated my code with 1.1.0 API, but it failed and I cannot
figure out the reason.
The RSA key pair and message signature are generat
0x48, 0x60,0xbb, 0x69, 0x49, 0x64, 0xa3, 0x0d,
> 0xdb, 0xaa};
>
>
>
>
>
> unsigned char
> hashnew[]={0x8f,0x43,0x43,0x46,0x64,0x8f,0x6b,0x96,0xdf,0x89,0xdd,0xa9,0x1c,0x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x2
> On Aug 29, 2018, at 5:53 AM, Linta Maria wrote:
>
> As you suggested, signature wasn't correct.
> With below input also it's not working.
Once again, the code is working correct, the key below did not produce
the posted signature. Please use "openssl rsautl" as shown in my
previous message
x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x27,0xaa,0x4};
-- Forwarded message -
From: *Viktor Dukhovni*
Date: Wed 29 Aug, 2018, 11:30 AM
Subject: Re: [openssl-users] Openssl api for signature verification using
digest
To: openssl-users@ope
> On Aug 29, 2018, at 1:05 AM, Linta Maria wrote:
>
> Still its not working.
The code is working correctly. The real problem is that the PEM
format 2048-bit RSA key you posted:
> BEGIN PUBLIC KEY-
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
> FnrhDLZaCmQvZz57uJH
Thanks Viktor for the help….
Please find below the input format.
Still its not working.
> On Aug 28, 2018, at 7:08 AM, Linta Maria wrote:
>
> I have used below code, but it’s not working. Please help me to get the
correct API.
>
> /*
> * NB: assumes verify_key, sig, siglen md and mdlen are a
[ Please post plain text, not HTML ]
> On Aug 28, 2018, at 7:08 AM, Linta Maria wrote:
>
> I have used below code, but it’s not working. Please help me to get the
> correct API.
>
> /*
> * NB: assumes verify_key, sig, siglen md and mdlen are already set up
> * and that verify_key is an RSA p
n Tue, Aug 28, 2018, 14:09 Linta Maria wrote:
>
>>
>>
>> Hi All,
>>
>>
>>
>>
>>
>> I have started using open ssl recently for implementing some
>> cryptographic operation.
>>
>> Now I want to implement signature verification by taking Si
Tuveri
On Tue, Aug 28, 2018, 14:09 Linta Maria wrote:
>
>
> Hi All,
>
>
>
>
>
> I have started using open ssl recently for implementing some cryptographic
> operation.
>
> Now I want to implement signature verification by taking Signature and
> hashed data
Hi All,
I have started using open ssl recently for implementing some cryptographic
operation.
Now I want to implement signature verification by taking Signature and
hashed data as input, but I am not able to get the proper API.
I have used below code, but it’s not working. Please help me to
➢ I was more talking about the parsing. Currently I have 40 LOC [1] to
Look at X509_get1_ocsp which is in crypto/x509v3/v3_utl.c That’s in 1.0.2 and
later
➢ > X509_CRL_verify. And yes, looking through to find the serial# is what you
have to do.
➢ That's 1.1-specific, correct?
Hi Rich,
On 18-10-17 17:46, Salz, Rich via openssl-users wrote:
> ➢ I used libcrypto to parse out the OCSP URL from the certificate validate
> it against a whitelist of valid OCSP URLs, send an OCSP request and
> validate the response and its signature against a custom certificate
> st
➢ I used libcrypto to parse out the OCSP URL from the certificate validate
it against a whitelist of valid OCSP URLs, send an OCSP request and
validate the response and its signature against a custom certificate
store, and then parse out the result.
Two points on that:
➢ -
Hi,
I have an application which wants to do verification of a certificate.
Not in the context of a context or a signature, but simply to verify if
the certificates are still valid and from a source that is correct in
the context in which the application runs.
I used libcrypto to parse out the OCS
ind_status() and friends I can manage to
get the status of the request and a given certificate.
However, that doesn't do signature verification. I believe that I should use
OCSP_basic_verify() for that, but I'm not entirely sure whether that is the
case, and if so whether I would need
ork; when I get the reply and use d2i_OCSP_RESPONSE(), then with things like
OCSP_response_status() and OCSP_resp_find_status() and friends I can manage to
get the status of the request and a given certificate.
However, that doesn't do signature verification. I believe that I should use
OCS
(), then with things like
OCSP_response_status() and OCSP_resp_find_status() and friends I can manage to
get the status of the request and a given certificate.
However, that doesn't do signature verification. I believe that I should use
OCSP_basic_verify() for that, but I'm not entirely sur
(continuing top posting to keep thread consistent)
Note that the point of using an X.509 signature at file creation time
and/or client approval time was to reuse the internal file structure
that is already designed to hold that particular signature format
(specifically, the internal file struc
el Wojcik
Technology Specialist, Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jakob Bohm
Sent: Wednesday, June 24, 2015 01:53
To: openssl-users@openssl.org
Subject: Re: [openssl-users] beginner needs advice on data
signature/verification
(Contin
*From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On
Behalf Of *Marco Warga
*Sent:* Saturday, June 20, 2015 04:48
*To:* openssl-users@openssl.org
*Subject:* [openssl-users] beginner needs advice on data
signature/verification
Hi,
I hope some of you could give me advice on
.org] *On
Behalf Of *Marco Warga
*Sent:* Saturday, June 20, 2015 04:48
*To:* openssl-users@openssl.org
*Subject:* [openssl-users] beginner needs advice on data
signature/verification
Hi,
I hope some of you could give me advice on my project using openssl.
MW: Why are you using OpenSSL for this ap
ehalf Of
Marco Warga
Sent: Saturday, June 20, 2015 04:48
To: openssl-users@openssl.org
Subject: [openssl-users] beginner needs advice on data signature/verification
Hi,
I hope some of you could give me advice on my project using openssl.
MW: Why are you using OpenSSL for this application? You w
Hi,
I hope some of you could give me advice on my project using openssl.
Lets say I have a server/service on a machine processing a file a
corresponding client sends. That file is usually created by me on a
clean third machine. The server side is assumed to be uncompromised (no
hacker). The c
= 9 prim: OBJECT :sha1WithRSAEncryption
Thanks,
Anand
- Original Message -
From: Dr. Stephen Henson
To: openssl-users@openssl.org
Cc:
Sent: Thursday, June 20, 2013 4:52 PM
Subject: Re: openssl 1.0.1e Signature verification problems
On Thu, Jun 20, 2013, anand rao wrote:
>
On Thu, Jun 20, 2013, anand rao wrote:
> The output of command "openssl asn1parse -i -in cacert.pem" is
>
> 0:d=0 hl=4 l= 872 cons: SEQUENCE
> 4:d=1 hl=4 l= 729 cons: SEQUENCE
> 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
> 10:d=3 hl=2 l= 1 prim: INTEGER :02
> 13:d
= 129 prim: BIT STRING
Thanks,
Anand
- Original Message -
From: Wim Lewis
To: openssl-users@openssl.org
Cc:
Sent: Tuesday, June 18, 2013 11:33 PM
Subject: Re: openssl 1.0.1e Signature verification problems
On 14 Jun 2013, at 6:09 AM, anand rao wrote:
> I am using openssl 1.0.1e t
On 14 Jun 2013, at 6:09 AM, anand rao wrote:
> I am using openssl 1.0.1e to create a CA and generate certificates.
>
> I am facing an issue while generating the device certificates.
> After creating the ca certificate using below command
>
> # openssl req -x509 -new -newkey rsa:1024 -keyout priv
Signature verification problems..
This was not observed in previous versions. When I tried to change default_md
to sha1 in openssl.cnf it doesn't had any effect.
Please suggest if we need to configure anything in particular in openssl.cnf or
is it a bug.
Thanks,
application but the RSA
signature verification is failing when I comment the following portion of
code in p_verify.c file, it started working, May I have to clue what should
be set in our application to solve the issue with our modifying the openssl
code.
if (ctx->digest->
> From: owner-openssl-us...@openssl.org On Behalf Of dwipin
> Sent: Thursday, 22 November, 2012 23:20
> I am trying to develop a java utility based on Bouncy Castle
> that should be
> able to sign and encrypt data which can later be decrypted
> and verified on
> the server side (openssl).
>
> D
Its not exactly Signature Verification Failure. I get the following error -
Error reading S/MIME message
24746:error:2107A083:PKCS7 routines:SMIME_read_PKCS7:invalid mime
type:pk7_mime.c:364:type: application/octet-stream
--
View this message in context:
http://openssl.6102.n7.nabble.com
Bouncy-Castle-Signature-Verification-Failure-tp42468.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailin
hat the
> reason is for this.
>
> I can see the code that verifies signatures uses EC_POINT_mul, but I don't
> see a significant speedup as I did when using it to just generate public
> keys (q and m set to NULL in EC_POINT_mul). I can see that in the OpenSSL
> signature
rate
public keys (q and m set to NULL in EC_POINT_mul). I can see that in the
OpenSSL signature verification code q and m are not NULL in
EC_POINT_mul, so it makes sense why the speedup wouldn't be as great as
when they are NULL (since precomputations are only made for the
generator point o
I collected the detailed description I found:
|openssl errstr 0407006A
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
|
The signature verification is expected to pass as per the data input I
have provided. Something might be wrong in my code. Any help is appreciated.
T
g output:
>
> retval=0 err='error:0407006A:lib(4):func(112):reason(106)'
>
> When I collected the detailed description I found:
>
> openssl errstr 0407006A
> error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not
> 01
>
> The signature ve
07006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
The signature verification is expected to pass as per the data input I have
provided. Something might be wrong in my code. Any help is appreciated.
The data and the example code that I used is , in
http://stackoverflow.com/q/10927586/986020
thanks for help
ered
- the raw public key operation isn't working correctly, or you called it
incorrectly
It's not a hashing issue, since you don't see the padding.
> From: TSCOconan
> To: openssl-users@openssl.org,
> Date: 10/18/2011 03:03 PM
> Subject: Problem with signature v
> From: owner-openssl-us...@openssl.org On Behalf Of TSCOconan
> Sent: Tuesday, 18 October, 2011 14:57
>I'm trying to implement certificate signature verification
> on a Microchip pic controller.
>After reading PKCS#1 V2.1
> I realized that encryption is
Hi,
I'm trying to implement certificate signature verification (certificates
are generated and signed using OpenSSL) on a Microchip pic controller. The
Microchip PIC controller doesn't support OpenSSL libraries, but it does have
an encryption/decryption function. I was successful
On 10/5/2011 8:15 AM, brajan wrote:
My steps are
1. raw data eg.balamurugan
2. i am calculating hash for this data using sha256 which is 256 bit for
readable i convert this into (32 to 64 byte) hex string not hex represent.
eg hash string is a123sdf... which is 64 characters
3. now i am gi
Jakob Bohm-7 wrote:
>
> On 10/4/2011 4:58 PM, brajan wrote:
>> hi
>> can any one tell me why the signature verification in openssl fail when
>> the
>> message is signed bu java IBM fips compliant.i am using openssl 0.9.8g in
>> power Pc. i am getting er
Jeffrey Walton-3 wrote:
>
> On Tue, Oct 4, 2011 at 10:58 AM, brajan wrote:
>>
>> hi
>> can any one tell me why the signature verification in openssl fail when
>> the
>> message is signed bu java IBM fips compliant.i am using openssl 0.9.8g i
rs@openssl.org
Automated List Manager majord...@openssl.org
--
View this message in context:
http://old.nabble.com/Java-signature-verification-fail-in-openssl-tp32589928p32594391.html
Sent from the OpenSSL - Us
> From: owner-openssl-us...@openssl.org On Behalf Of brajan
> Sent: Tuesday, 04 October, 2011 10:58
> can any one tell me why the signature verification in
> openssl fail when the
> message is signed bu java IBM fips compliant.i am using
> openssl 0.9.8g in
> power Pc.
On Tue, Oct 4, 2011 at 10:58 AM, brajan wrote:
>
> hi
> can any one tell me why the signature verification in openssl fail when the
> message is signed bu java IBM fips compliant.i am using openssl 0.9.8g in
> power Pc. i am getting error in
>
> if (((unsigned in
On 10/4/2011 4:58 PM, brajan wrote:
hi
can any one tell me why the signature verification in openssl fail when the
message is signed bu java IBM fips compliant.i am using openssl 0.9.8g in
power Pc. i am getting error in
if (((unsigned int)sig->digest->length != m_len) ||
(me
hi
can any one tell me why the signature verification in openssl fail when the
message is signed bu java IBM fips compliant.i am using openssl 0.9.8g in
power Pc. i am getting error in
if (((unsigned int)sig->digest->length != m_len) ||
(memcmp(m,sig->digest->data,m_len) !=
A failed signature verification can have many causes. E.g.,
- bad digest
- bad signature
- bad public key
- bad OID
I debug by doing a raw public key operation on the signature. If you see
obvious padding and a good OID, and the digest doesn't match, then you
have to debug why the hash
,m_len) != 0))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
}
else
ret=1;
why this error occuring .and how to over come this error
--
View this message in context:
http://old.nabble.com/Error-While-Signature-verification-..-tp32503816p32503816.ht
using c++ )
Thanks & Regards
Balamurugan
--
View this message in context:
http://old.nabble.com/Trust-Chain-Loading-and-signature-verification-of-a-certificate-tp32088489p32088489.html
Sent from the OpenSSL - User mailing list archive at Nabble
Hi,
I am trying to use OpenSSL to independently verify a CKM_ECDSA_SHA1
signature produced by a Safenet protect gold HSM. The signature
verification with the error below, however using the HSM ctbrowse tool I can
verify the signature being produced. Can anybody out there help me interpret
what
Done that. It now seems to work! Thank you :)
S999D003:/home/ah/test # ./openssl ocsp -respin response-2.der -text
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = DE, O = D-Trust GmbH, CN = D-TRUST OCS
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote:
> Ah! That's exactly the point, where I tried to edit the code and recompile
> it. But every time I tried to I became an error in make complaining about
> [link_app.] and a false call of 'main' in _start...
>
> Can I just replace
Ah! That's exactly the point, where I tried to edit the code and recompile it.
But every time I tried to I became an error in make complaining about
[link_app.] and a false call of 'main' in _start...
Can I just replace the file and recompile openssl? Or do I have to edit
something in any type
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote:
> I forgot to write, which versions are used.
> For the client we are using 0.9.8L. But we also tested with M.
> We are not sure about the responders but we are trying to find out.
>
Oops, there was a bug in the print routine whic
I forgot to write, which versions are used.
For the client we are using 0.9.8L. But we also tested with M.
We are not sure about the responders but we are trying to find out.
Kind regards
Michel Pittelkow
> Hi everyone,
>
> we are currently trying to verify an ocsp response.
> The return is "Res
Sure! Here are the request and response files.
Kind regards
Michel Pittelkow
> Hi everyone,
>
> we are currently trying to verify an ocsp response.
> The return is "Response verify OK" but we need to verify the signature
> algorithm of the response signature.
> We tried putting the response in
On Fri, Mar 12, 2010, Michel Pittelkow - michael-wessel.de wrote:
> Hi everyone,
>
> we are currently trying to verify an ocsp response.
> The return is "Response verify OK" but we need to verify the signature
> algorithm of the response signature.
> We tried putting the response into an DER and
Hi everyone,
we are currently trying to verify an ocsp response.
The return is "Response verify OK" but we need to verify the signature
algorithm of the response signature.
We tried putting the response into an DER and parsing it. But still no
information about the signature.
There are signature
On Sat, Feb 06, 2010, Jim Welch wrote:
> Hello,
>
> We started working on a project several months ago that has a need for
> signature verification of an xml file. We had completed our tests and
> everything was woking. The provider of the file then sent us a new Public
>
Hello,
We started working on a project several months ago that has a need for
signature verification of an xml file. We had completed our tests and
everything was woking. The provider of the file then sent us a new Public Key
and said that it is what we will get for the live data. The file
// looked up g_free and it seems to just do a
free()
EVP_PKEY_free (pkey);
if (err != 1)
{
printf("Didn't Verify %d\n", err);
return(2);
}
printf ("Signature Verified Ok.\n");
return(0);
Thanks for everything.
Jim
- Original Message -
From: "Mounir ID
d the signature string. These are
what I'm giving to the EVP_VerifyUpdate and EVP_VerifyFinal. Still
not verifying.
Thanks Again,
Jim
- Original Message - From: "Mounir IDRASSI"
To:
Sent: Friday, November 06, 2009 5:11 PM
Subject: Re: Signature Verification
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Saturday, January 31, 2009 8:11 AM
To: openssl-users@openssl.org
Subject: RE: Openssl signature verification
> From: owner-openssl-us...@openssl.org On Behalf Of Ajeet kumar.S
> Sent: Friday, 30 January, 2009 00:07
pply the verifying algorithm to determine
if the received signature is correct for the (recomputed) hash.
You separately asked
> In Openssl for signature verification we are using API
ASN1_item_verify().
> Let me know the data which is used for finger print (signature)
creation
>
Dear All,
In openssl API X509_verify(X509 *a, EVP_PKEY *r) is used to verify the
signature of certificate. I have some doubt please help me.
1. Is in this API we are passing the CA certificate and public key of
CA certificate?
2. What is data over SSL compute the HASH?
3. SSL w
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: 23 January 2009 13:07
To: openssl-users@openssl.org
Subject: Re: ECDSA signature verification
> On Fri, Jan 23, 2009, Young, Alistair wr
On Fri, Jan 23, 2009, Young, Alistair wrote:
> ... though I notice that the Security Policy document does not
> explicitly mention ECDSA in the table of FIPS approved algorithms.
>
> It does mention DSA with 1024-bit keys (but has a confusing footnote
> which states that "DSA supports a key size
On Fri, 2009-01-23 at 10:13 +, Young, Alistair wrote:
> We really need to use the FIPS version of OpenSSL, so updating the code
> isn't a possiblity.
>
ah ok, so maybe you can just skip EVP.
bye!
--
Emanuele Cesena
http://ecesena.dyndns.org
Il corpo non ha ideali
_
mode" - is there an extra 'not' in this statement?),
but that perhaps doesn't cover ECDSA.
Alistair.
-Original Message-
From: Young, Alistair
Sent: 23 January 2009 10:13
To: 'openssl-users@openssl.org'
Subject: RE: ECDSA signature verification
Thank you, E
code ourselves which links to the FIPS
library.
Regards,
Alistair.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Emanuele Cesena
Sent: 23 January 2009 08:24
To: openssl-users@openssl.org
Subject: Re: ECDSA signature verificatio
On Mon, 2009-01-19 at 11:22 +, Young, Alistair wrote:
> * is it possible to define our own curves (rather than using
>one of the predefined curves)?
>
if you want to play with your EC, check crypto/ec/ectest.c
if you want to add a new curve to openssl, have a look at
crypto/ec/ec_curve.c,
Hi,
I'm new to OpenSSL, having just installed openssl-fips-1.2. I'm looking
for some guidance in how to use OpenSSL (from the command line) to
verify ECDSA signatures.
In particular, I have the following questions:
* is it possible to define our own curves (rather than using
one of the pred
Has anyone seen this behavior? Any help would be appreciated.
Thanks in advance,
Regards
Ashith
-Original Message-
From: Belliappa, Ashith Muddiana (HP Software)
Sent: Wednesday, October 17, 2007 11:37 AM
To: 'openssl-users@openssl.org'
Subject: RE: Signature verification
ame -a
SunOS test.hp.com 5.8 Generic_117350-39 sun4u sparc SUNW,Sun-Fire-280R
Regards
Ashith
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Friday, October 12, 2007 11:48 PM
To: openssl-users@openssl.org
Subject: RE: Signature verificat
Belliappa, Ashith Muddiana (HP Software) wrote:
>
> Hi,
> We have checked for proper library files usage during the signature
> verification. Even we have compared the file size of the library used in
> working and non- working machine and found both are exactly same. Even
> th
Hi,
We have checked for proper library files usage during the signature
verification. Even we have compared the file size of the library used in
working and non- working machine and found both are exactly same. Even
the checksum matches for the files.
In Solaris 5.7 also it works fine. The
Hello,
> Does anyone have a separate test program where we can test only the
> signature verification?
# openssl genrsa -out rsa.pem 2048
# openssl rsa -in rsa.pem -text -noout
# openssl rsa -in rsa.pem -pubout -out rsa-pub.pem
# openssl rsa -in rsa-pub.pem -pubin -text -noout
# ech
he above hold true..
(I haven't got 5.7 thing. Is it that you have also checked the code on a
5.7 & found it to be working properly?)
> Does anyone have a separate test program where we can test only the
> signature verification?
>
> Regards
> Ashith
>
-jb
--
No sno
Hi,
We have complied the code in an Solaris 5.7 machine. We have the same
set of binaries working fine in all the Solaris 5.8 machines. I am
getting the error ONLY in ONE Solaris 5.8 machine.
Does anyone have a separate test program where we can test only the
signature verification?
Regards
On Fri, Oct 12, 2007, Belliappa, Ashith Muddiana (HP Software) wrote:
>
> Hi,
> We have the same openssl version in both the machines. Still the
> problem occurs.
Do you have the same binaries or did you compile it on both machines?
If you compiled it try "make test" on the failing machine if
Hello,
> We have the same openssl version in both the machines. Still the
> problem occurs.
My proposition was to check private key modulus and public/certificate
modulus to be sure that they are the same.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
: Signature verification fails with block type is not 01
Hello,
> We are using openssl 0.9.8d in our environment. In one of the
> Solaris box we are getting an "block type is not 01" while doing the
> signature verification. We have compared the openssl (0.9.7l) and
> openssl
Hello,
> We are using openssl 0.9.8d in our environment. In one of the
> Solaris box we are getting an “block type is not 01” while doing the
> signature verification. We have compared the openssl (0.9.7l) and
> openssl (0.9.8d) and found few difference in the "signature
> ve
Hi All,
We are using openssl 0.9.8d in our environment. In one of the Solaris
box we are getting an "block type is not 01" while doing the signature
verification. We have compared the openssl (0.9.7l) and openssl (0.9.8d)
and found few difference in the "signature verification
On Wed, Feb 07, 2007, Jean-Claude Repetto wrote:
> Hi,
>
> I am trying to use openssl to sign documents and store detached
> signatures in PKCS7 format.
> First, I sign the document :
> openssl smime -sign -in document.txt -out document.txt.sign -signer
> certs/jcr.crt -certfile certs/ca.crt
Hi,
I am trying to use openssl to sign documents and store detached
signatures in PKCS7 format.
First, I sign the document :
openssl smime -sign -in document.txt -out document.txt.sign -signer
certs/jcr.crt -certfile certs/ca.crt -inkey private/jcr.key
When I check the signature, it is OK :
1 - 100 of 124 matches
Mail list logo