On Wed, Sep 24, 2003, Andreas Feldner wrote:

> Hi,
>
> for a multiplatform project, I'm trying to find a method to create and verify
> RSA signatures between the following 'worlds' of cryptography:
>
> - MS CryptoAPI (unluckily brought in a certain crypto smart card)
> - OpenSSL
> - Java Cryptography (currently using the bouncy castle provider)
>
> Whereas 'naked' RSA signatures verify OK between OpenSSL and JCE, MS generated
> signatures (CryptSignHash) won't verify anywhere apart from the MS world,
> though the hashes do match. I understood from my research in different
> mailing lists, that this is a known problem that arises from different (and
> apparently unknown) padding algorithm used by MS CryptoAPI.
>
I don't know who told you that but it's wrong! The output of CryptSignHash()
can be readily verified by OpenSSL.

However CryptoAPI signatures are little endian whereas OpenSSL (and others)
follow the PKCS#1 standard and are big endian. All this means in practice is
that you need to reverse the byte order between the two.

That is if you take the output of CryptSignHash() reverse its bytes (first
becomes last etc) and then try to verify with OpenSSL it should be OK.
Similarly if you have an OpenSSL signature you need to reverse its bytes
before calling CryptVerifyHash().

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
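
Added example, not part of the original message and not OpenSSL or CryptoAPI code: a standard-library Python sketch of the byte-order point made in the reply, showing a PKCS#1 v1.5 verifier rejecting a little-endian signature and accepting it once the bytes are reversed. Assumptions: the toy key, the SHA-256 hash, the sample message and all function names are constructed for illustration, and the CryptSignHash() output is simulated by reversing a big-endian signature.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes: demonstration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (the hash is an assumption of this example).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(msg: bytes) -> bytes:
    """Build the PKCS#1 v1.5 encoded message: 00 01 FF..FF 00 DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_pkcs1(msg: bytes) -> bytes:
    """Sign and return the signature in big-endian (PKCS#1) byte order."""
    m = int.from_bytes(emsa_pkcs1_v15(msg), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify_pkcs1(msg: bytes, sig: bytes) -> bool:
    """Verify a signature that is expected in big-endian byte order."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:                       # out of range, e.g. wrong byte order
        return False
    em = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(msg))


def swap_byte_order(sig: bytes) -> bytes:
    """Convert between little-endian (CryptoAPI) and big-endian (PKCS#1)."""
    return sig[::-1]


if __name__ == "__main__":
    msg = b"constructed sample message"
    # Stand-in for CryptSignHash() output: the same signature, little-endian.
    capi_style = swap_byte_order(sign_pkcs1(msg))
    print("as received:", verify_pkcs1(msg, capi_style))
    print("reversed:   ", verify_pkcs1(msg, swap_byte_order(capi_style)))
```

The padding and hash are identical in both cases; only the order of the signature bytes differs, which is why the unreversed signature fails even though the hashes match.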