Hi, I want to compare two X.509 certificates by:

  i.  matching their digital signatures
  ii. using the public key to decipher the signature of cert1, reading the precalculated fingerprint, then calculating cert2's fingerprint, and finally comparing the two fingerprints.

i.
    memcmp(cert1->signature->data, cert2->signature->data, 128);

is it correct?

ii. to calculate cert2's fingerprint:

    X509_digest(cert2, EVP_sha1(), myhash, NULL); //myhash is the same as cert2->sha1_hash

to decrypt the signature (looking at the RSA_verify() code):

    i = RSA_public_decrypt(128, cert1->signature->data, s, rsa_priv, RSA_PKCS1_PADDING);
    p=s;
    sig=d2i_X509_SIG(NULL,&p,(long)i);

I was expecting that sig->digest->data matches myhash, but they don't. Why? What is sig->digest->data, and how can I decrypt the signature to get the fingerprint?

Thank you
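An added example, not part of the original post: a certificate signature covers only the DER encoding of the tbsCertificate, while a fingerprint such as the one X509_digest() returns is a hash over the entire DER certificate, so the digest recovered from the signature is not the fingerprint. The Python below uses a constructed toy RSA key and a constructed stand-in for the tbsCertificate contents (all names are illustrative) to sign, open the signature with the public key, and compare both hashes.

```python
import hashlib
# Constructed toy RSA key built from two Mersenne primes; illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                    # modulus size in bytes
SHA1_INFO = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header, SHA-1
SHA1_RSA = bytes.fromhex("06092a864886f70d0101050500")       # sha1WithRSAEncryption, NULL

def tlv(tag, body):
    """DER-encode one element with a definite length."""
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, off=0):
    """Return (body, full encoding, next offset) of the element at off."""
    n, p = buf[off + 1], off + 2
    if n & 0x80:                                 # long-form length
        n, p = int.from_bytes(buf[p:p + (n & 0x7F)], "big"), p + (n & 0x7F)
    return buf[p:p + n], buf[off:p + n], p + n

def make_cert(tbs_body):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tbs = tlv(0x30, tbs_body)
    t = SHA1_INFO + hashlib.sha1(tbs).digest()   # DigestInfo over the TBS part only
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")
    return tlv(0x30, tbs + tlv(0x30, SHA1_RSA) + tlv(0x03, b"\x00" + sig))

def signed_digest(cert):
    """Open the signature with the public key; return (tbs DER, digest in DigestInfo)."""
    body, _, _ = read_tlv(cert)
    _, tbs, off = read_tlv(body)
    _, _, off = read_tlv(body, off)              # skip signatureAlgorithm
    bits, _, _ = read_tlv(body, off)             # BIT STRING: unused-bits byte + signature
    em = pow(int.from_bytes(bits[1:], "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad PKCS#1 v1.5 padding")
    info, _, _ = read_tlv(em, sep + 1)           # DigestInfo SEQUENCE body
    digest, _, _ = read_tlv(info, read_tlv(info)[2])  # OCTET STRING = sig->digest->data
    return tbs, digest

def fingerprint(cert):  # SHA-1 over the whole DER certificate, as X509_digest() computes
    return hashlib.sha1(cert).digest()

CERT = make_cert(tlv(0x04, b"constructed stand-in for the tbsCertificate fields"))
TBS, DIGEST = signed_digest(CERT)
print(DIGEST == hashlib.sha1(TBS).digest(), DIGEST == fingerprint(CERT))  # True False
```

In OpenSSL, X509_verify() performs this signature check against the issuer's public key.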