On Thu, 2007-11-22 at 15:31 +1300, Chris Brown wrote:
> Hi all,
>
> I have a .Net webservice sending a Digital Signature within the soap
> response which I am attempting to verify using the Crypto library
> 'RSA_verify' function on an embedded MontaVista system. I am assuming
> that this is possible to do.
>
> I have extracted the 'SignedInfo' element from the xml of the digital
> signature and created a 20 byte message digest of it using SHA1 which
> is the same hashing algorithm used by the web service. I have
> also successfully extracted the 'SignatureValue', 'Modulus',
> and 'Exponent' from the xml of the digital signature. I have assigned
> the modulus and exponent values to the RSA structure. I then called
> 'RSA_verify' with NID_sha1, the message digest, message digest size
> (20), the SignatureValue, the RSA structure size (172) and the RSA
> structure. This gives an error of "RSA_EAY_PUBLIC_DECRYPT:data too
> large for modulus".
>
> I read somewhere else that the SignatureValue must be converted to
> binary data which gave me a signatureValue size of 128 rather than 172
> however if I retry RSA_verify with the signature as binary data I
> receive the same error.

You can get this error if the signature is greater than the modulus (not
only when treated as a byte stream, e.g. sig=256 bytes, modulus=128 bytes,
but also as big numbers (byte stream converted to a big number)).
If you have a 1024-bit key, then the signature and modulus should be
128 bytes long, and to RSA_verify you should provide the signature as a
binary stream of 128 bytes; the modulus and exponent should be imported
into the RSA structure.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
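
The size and big-number checks described in the reply, as an added Python example that is not part of the original thread and is not OpenSSL code; it models a PKCS #1 v1.5 / SHA-1 verification so each failure can be seen separately. The test key (built from the primes 2^511-187 and 2^512-569), the sample SignedInfo bytes and all function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed test key, NOT for real use: two published pseudo-Mersenne primes
# give a 128-byte modulus, like the 1024-bit key discussed in the thread.
P, Q = 2**511 - 187, 2**512 - 569
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

# DER header of a SHA-1 DigestInfo, as used by PKCS #1 v1.5 signatures.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_pkcs1_v15(digest: bytes, k: int) -> bytes:
    """Build the k-byte block 00 01 FF..FF 00 DigestInfo that gets signed."""
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(message: bytes) -> bytes:
    """Stand-in for the web service: returns the raw 128-byte signature."""
    k = (N.bit_length() + 7) // 8
    em = encode_pkcs1_v15(hashlib.sha1(message).digest(), k)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(k, "big")

def verify(digest: bytes, sig: bytes, n: int, e: int) -> str:
    """Return "ok" or the reason the signature is rejected."""
    k = (n.bit_length() + 7) // 8       # modulus length in bytes
    if len(sig) != k:
        return "signature length %d != modulus length %d" % (len(sig), k)
    s = int.from_bytes(sig, "big")
    if s >= n:                          # compared as big numbers, not as bytes
        return "data too large for modulus"
    recovered = pow(s, e, n).to_bytes(k, "big")
    return "ok" if recovered == encode_pkcs1_v15(digest, k) else "bad signature"

# Values as they would appear in the XML (base64 text), all constructed here.
signed_info = b"<SignedInfo>constructed sample</SignedInfo>"
sig_b64 = base64.b64encode(sign(signed_info))        # 172 characters
mod_b64 = base64.b64encode(N.to_bytes(128, "big"))
exp_b64 = base64.b64encode(E.to_bytes(3, "big"))

digest = hashlib.sha1(signed_info).digest()          # 20 bytes
sig_raw = base64.b64decode(sig_b64)                  # 128 bytes
n = int.from_bytes(base64.b64decode(mod_b64), "big")
e = int.from_bytes(base64.b64decode(exp_b64), "big")

if __name__ == "__main__":
    print(verify(digest, sig_b64, n, e))         # base64 text passed as-is
    print(verify(digest, sig_raw, n, e))         # decoded binary signature
    print(verify(digest, b"\xff" * 128, n, e))   # right length, value >= n
```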