Hello,
> I notice that the length for a certificate verify message produced by 
> s_client is always 0x80 bytes (indicated in the messageLength field). 
> However, according to RFC 4346, the CertificateVerify message should be 
> either 36 or 20 bytes, depending on the signature algorithm. 
> Can anyone kindly let me know why there are 0x80 bytes?
....
> Xiaoyu
> 
>       struct {
>            Signature signature;
>       } CertificateVerify;
> 
>       CertificateVerify.signature.md5_hash
>           MD5(handshake_messages);
> 
>       CertificateVerify.signature.sha_hash
>           SHA(handshake_messages);
> 
>       struct {
>           select (SignatureAlgorithm) {
>               case anonymous: struct { };
>               case rsa:
>                   digitally-signed struct {
>                       opaque md5_hash[16];
>                       opaque sha_hash[20];
>                   };
>               case dsa:
>                   digitally-signed struct {
>                       opaque sha_hash[20];
>                   };
>               };
>           };
>       } Signature;
CertificateVerify hash is 16+20 bytes for RSA or 20 bytes for DSA.
This hash is calculated from the exchanged messages and other data.
Next, this hash is signed (encrypted with the client private key), and if you
are using an RSA 1024-bit key then this signature is 128 bytes (0x80) long.
When you look at SSL/TLS packets, you see the signed hash.
The server decrypts this packet with the client certificate, calculates its own
hash, compares these two hashes, and accepts the client authentication or not.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
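The exchange Marek describes, worked through as an added example that is not part of the thread and not OpenSSL code: the client hashes the constructed handshake transcript with MD5 and SHA-1 (36 bytes for the RSA case), pads it as PKCS#1 block type 1 (in TLS 1.0/1.1 the 36-byte value is signed directly, without a DigestInfo wrapper) and applies the private key, producing a signature as long as the modulus, so 128 bytes (0x80) for a 1024-bit key; the server reverses the operation with the public key and compares hashes. The handshake bytes and the deterministically seeded toy RSA key generator are assumptions made for the example (they stand in for the real transcript and for a key loaded from a certificate); use a real crypto library for anything beyond illustration.

```python
import hashlib
import hmac
import math
import random

# Constructed stand-in for "handshake_messages": in a real handshake this is
# the concatenation of every handshake message exchanged before CertificateVerify.
HANDSHAKE_MESSAGES = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"

HANDSHAKE_TYPE_CERTIFICATE_VERIFY = 15  # HandshakeType certificate_verify(15)


def certificate_verify_hash(handshake_messages: bytes) -> bytes:
    """RSA case from the RFC: md5_hash[16] || sha_hash[20], 36 bytes in total."""
    return hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin test, good enough for a toy key (assumption: demo only)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        # Top two bits set so that the product of two such primes is exactly 2*bits long.
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def generate_rsa_key(bits: int = 1024, seed: int = 4346):
    """Deterministic toy RSA key (n, e, d); seeded only so the example is reproducible."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


def pkcs1_type1_pad(data: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || 0xFF..0xFF || 0x00 || data, k bytes long (PKCS#1 block type 1)."""
    ps_len = k - len(data) - 3
    if ps_len < 8:
        raise ValueError("modulus too small for this payload")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + data


def sign_certificate_verify(handshake_messages: bytes, n: int, d: int) -> bytes:
    """Client side: pad the 36-byte hash and apply the private exponent."""
    k = (n.bit_length() + 7) // 8  # 128 bytes for a 1024-bit modulus
    em = pkcs1_type1_pad(certificate_verify_hash(handshake_messages), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify_certificate_verify(handshake_messages: bytes, signature: bytes, n: int, e: int) -> bool:
    """Server side: recover the padded block with the public key from the client
    certificate, recompute the hash over its own copy of the transcript, compare."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    recovered = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    expected = pkcs1_type1_pad(certificate_verify_hash(handshake_messages), k)
    return hmac.compare_digest(recovered, expected)


def build_certificate_verify(signature: bytes) -> bytes:
    """Wire form: handshake header (type, 3-byte length) + 2-byte signature length + signature.
    The 2-byte vector length is the 0x80 seen in the capture for a 1024-bit key."""
    body = len(signature).to_bytes(2, "big") + signature
    return bytes([HANDSHAKE_TYPE_CERTIFICATE_VERIFY]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    n, e, d = generate_rsa_key()
    sig = sign_certificate_verify(HANDSHAKE_MESSAGES, n, d)
    msg = build_certificate_verify(sig)
    print("hash bytes:", len(certificate_verify_hash(HANDSHAKE_MESSAGES)))
    print("signature bytes:", len(sig), "signature length field: 0x%x" % int.from_bytes(msg[4:6], "big"))
    print("verifies:", verify_certificate_verify(HANDSHAKE_MESSAGES, sig, n, e))
    print("verifies against altered transcript:", verify_certificate_verify(HANDSHAKE_MESSAGES + b"!", sig, n, e))
```

Running it shows the three numbers from the thread side by side: a 36-byte hash, a 128-byte signature, and a 0x80 length field, and that a transcript changed by even one byte no longer verifies, which is what binds the client's key to this particular handshake.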
