> Great!
> It works fine. When I got your mail I was just getting ready to test this function.
> This public key I have loaded shall be used to verify a signature.
> I have the signature as a 128 byte binary blob.
>
> I have been looking at the RSA_public_decrypt() function, but I'm not quite sure how
> it works.
> How can I verify a signature without specifying what was signed in the first place?

>Public key is normally used to recover the digest of
>something-to-be-signed and memcmp() it to another one.
>That is, one needs a hash of a document,
>not necessarily the document.

I have looked in the rsautl application, and there they seem to use RSA_public_decrypt() to verify a signature. I have tried to use this function and it does work somehow (not sure exactly what it does though). If I change one bit in the binary blob, the verification (RSA_public_decrypt) fails.

RSA_public_decrypt() does return 35 bytes of something that I don't know what is. Maybe a hash and some information about the hash algorithm? I don't know how to "decode" this returned binary blob.

TIA,
Kim

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
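Added example, not part of the original message and not OpenSSL's own code: for a PKCS#1 v1.5 signature (RSA_PKCS1_PADDING), the block recovered by RSA_public_decrypt() is a DER DigestInfo, an algorithm header followed by the raw hash, and 35 bytes is the size that structure has for SHA-1 (15-byte header plus 20-byte digest). The function names and the sample block below are constructed for illustration; the sketch assumes the recovered bytes are already in a buffer and checks them against a digest computed separately over the document.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo headers for PKCS#1 v1.5 signatures (RFC 8017, section 9.2). */
struct di_alg { const char *name; size_t hdr_len, md_len; unsigned char hdr[19]; };

static const struct di_alg DI_ALGS[] = {
    { "MD5", 18, 16, {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,
                      0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10} },
    { "SHA-1", 15, 20, {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,
                        0x1a,0x05,0x00,0x04,0x14} },
    { "SHA-256", 19, 32, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                          0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20} },
};

/* Identify the hash algorithm and locate the digest inside a recovered block.
 * The length must match exactly, so trailing bytes after the digest are rejected.
 * Returns the algorithm name, or NULL if the block is not a known DigestInfo. */
const char *digestinfo_parse(const unsigned char *buf, size_t len,
                             const unsigned char **md, size_t *md_len)
{
    for (size_t i = 0; i < sizeof DI_ALGS / sizeof DI_ALGS[0]; i++) {
        const struct di_alg *a = &DI_ALGS[i];
        if (len == a->hdr_len + a->md_len && memcmp(buf, a->hdr, a->hdr_len) == 0) {
            *md = buf + a->hdr_len;
            *md_len = a->md_len;
            return a->name;
        }
    }
    return NULL;
}

/* Returns 1 only if the block names the expected algorithm and carries the
 * expected digest (the hash the verifier computed over the document itself). */
int digestinfo_matches(const unsigned char *buf, size_t len, const char *alg,
                       const unsigned char *expect, size_t expect_len)
{
    const unsigned char *md;
    size_t md_len;
    const char *name = digestinfo_parse(buf, len, &md, &md_len);
    return name && strcmp(name, alg) == 0 && md_len == expect_len
           && memcmp(md, expect, md_len) == 0;
}

/* Constructed sample: SHA-1("abc") and the 35-byte DigestInfo that wraps it. */
const unsigned char SHA1_ABC[20] = {
    0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
    0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d };
const unsigned char SAMPLE_BLOCK[35] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,
    0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
    0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d };
```

A successful RSA_public_decrypt() call alone only shows that the padding was well formed; the signature is verified once the embedded digest equals the hash computed over the document.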