On 2007.11.20 at 11:48:47 +0100, Marek Marcola wrote:
> Server decrypts this packet with client certificate, calculates its own
> hash, compares these two hashes and accepts client authentication or not.

That is not how DSA/ECDSA signatures work. If we are talking about RSA, we can talk about decrypting. But in ElGamal-style algorithms (DSA, ECDSA, GOST R 34.10) there is no way to "decrypt" a signature and obtain the original hash from it. We can verify a signature, i.e. take the hash and the public key from the certificate, and check whether the signature was computed from the same hash and the corresponding private key.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
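
The difference described in the reply above, as an added example that is not part of the original message: textbook RSA (no padding, an assumption made for brevity) returns the hash from the signature using the public key alone, while DSA verification takes the hash as an input and only recomputes r. All parameters and function names are constructed toy values, far too small for real use.

```python
import secrets

# Toy parameters (constructed for illustration; far too small for real use).
RSA_N, RSA_E, RSA_D = 3233, 17, 2753          # n = 61 * 53
DSA_P, DSA_Q, DSA_G = 607, 101, 64            # q divides p - 1, g has order q
DSA_X = 57                                    # private key
DSA_Y = pow(DSA_G, DSA_X, DSA_P)              # public key

def rsa_sign(h):
    """Textbook RSA (no padding): apply the private exponent to the hash."""
    return pow(h, RSA_D, RSA_N)

def rsa_recover(sig):
    """The public-key operation alone returns the signed hash."""
    return pow(sig, RSA_E, RSA_N)

def dsa_sign(h):
    """DSA signature (r, s) over hash h using a fresh random nonce k."""
    while True:
        k = secrets.randbelow(DSA_Q - 1) + 1
        r = pow(DSA_G, k, DSA_P) % DSA_Q
        s = pow(k, -1, DSA_Q) * (h + DSA_X * r) % DSA_Q
        if r and s:
            return r, s

def dsa_verify(h, r, s):
    """Needs h as input; the value recomputed is r, never the hash."""
    if not (0 < r < DSA_Q and 0 < s < DSA_Q):
        return False
    w = pow(s, -1, DSA_Q)
    u1, u2 = h * w % DSA_Q, r * w % DSA_Q
    v = pow(DSA_G, u1, DSA_P) * pow(DSA_Y, u2, DSA_P) % DSA_P % DSA_Q
    return v == r

if __name__ == "__main__":
    h = 42  # stands in for a hash already reduced below q
    print("RSA recovers:", rsa_recover(rsa_sign(h)))
    r, s = dsa_sign(h)
    print("DSA (r, s):", (r, s), "verifies:", dsa_verify(h, r, s))
```

Signing the same hash twice with `dsa_sign` generally yields different `(r, s)` pairs that both verify, which is another way to see that the signature is not an encoding of the hash.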