On Mon, Jul 31, 2006, k b wrote:

> Thanks Steve for pointing out that I was posting to the wrong list, sorry, my
> bad, for some reason I didn't read it right. Anyways...
>
> I've moved it now.
> Let me give some background:
> I have a plain text file plain.txt
>
> I call
> #> openssl rsautl -sign -inkey ./private/cakey.pem -in plain.txt -out
> signature.bin
> so my first question

That command uses the RSA algorithm directly to sign the data. That isn't
normally done; instead the data is digested and the digest signed.

If you use a digest command such as "openssl sha1" with the -sign option it
will do the right thing.

> 1) What kind of hashing algorithm would the above command use? Is it
> possible to suggest one to use, like sha1 or md5 etc ...
>

It doesn't use one.

> In my C code I'm using the EVP_verify interface to verify the signature.bin
>
> Here's what I do:
> * I load the cert
> * read the public key into EVP_PKEY
> * read the plaintext into a buffer 'plainTextData'
> * read the signature.bin into a buffer 'sig_buf'
> and then do the following
>
> EVP_MD_CTX_init(&md_ctx);
>
> EVP_VerifyInit (&md_ctx, EVP_sha1()); <--- here I'm not sure which
> hash algo to specify. ???
> EVP_VerifyUpdate (&md_ctx, plainTextData, plainTextSize);
> err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
>
> Here's what I get:
> 11908:error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message
> digest algorithm:a_verify.c:141:
> 11908:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
> long:asn1_lib.c:132:
> 11908:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
> header:tasn_dec.c:935:
> 11908:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:304:Type=X509_SIG
>
> Any lead would be appreciated, as I'm out of ideas.

If you use "openssl sha1" to sign with you should have more luck.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
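
Added example, not part of the original message and not OpenSSL code: a Python model of the padded block inside each kind of signature, showing why a SHA-1 verify cannot parse `rsautl -sign` output as `X509_SIG` (a DigestInfo) but accepts what a digest-and-sign command produces. The RSA operation itself is left out; the 128-byte modulus, the function names and the sample data are assumptions made for the illustration.

```python
import hashlib

# DER header of a SHA-1 DigestInfo (RFC 8017, section 9.2); 20 digest bytes follow.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")
K = 128  # modulus size in bytes; assumes a 1024-bit RSA key

def pad_type1(payload: bytes) -> bytes:
    """PKCS #1 v1.5 signature padding: 00 01 FF..FF 00 || payload."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload

def unpad_type1(block: bytes) -> bytes:
    """Strip the padding again, as the verifier does after the public-key step."""
    if len(block) != K or block[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = block.index(b"\x00", 2)
    if sep < 10 or set(block[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    return block[sep + 1:]

def block_rsautl_sign(data: bytes) -> bytes:
    """Model of `rsautl -sign`: the input itself is padded, no digest."""
    return pad_type1(data)

def block_digest_sign(data: bytes) -> bytes:
    """Model of `openssl sha1 -sign`: DigestInfo(SHA-1(data)) is padded."""
    return pad_type1(SHA1_DIGESTINFO + hashlib.sha1(data).digest())

def verify_sha1(block: bytes, data: bytes) -> str:
    """Model of a SHA-1 verify on the block recovered from the signature."""
    payload = unpad_type1(block)
    n = len(SHA1_DIGESTINFO)
    header, digest = payload[:n], payload[n:]
    if header != SHA1_DIGESTINFO or len(digest) != 20:
        return "not a DigestInfo"  # the ASN.1 errors in the post are this parse failing
    return "ok" if digest == hashlib.sha1(data).digest() else "digest mismatch"

PLAIN = b"constructed stand-in for plain.txt\n"  # constructed sample input

if __name__ == "__main__":
    print("rsautl -sign :", verify_sha1(block_rsautl_sign(PLAIN), PLAIN))
    print("sha1 -sign   :", verify_sha1(block_digest_sign(PLAIN), PLAIN))
```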