Hi, thanks again for your help. I am now consistently getting an error "0306E06C:bignum routines:BN_mod_inverse:no inverse" when calling RSA_verify. I am still taking the following steps: 1) Extracting the 'SignedInfo' node and creating a 20 byte SHA1 hash of the value of it and its contents. I am confident this is working correctly because I use the same code for calculating and comparing the DigestValues which is working fine.
2) Extracting the 'Modulus' and 'Exponent' values and then Base64 decoding both. This creates a 128 byte modulus and 3 byte exponent. I am also confident this is working correctly because I am using the Base64 decoding/encoding code elsewhere without problems. 3) Extracting the 'SignatureValue' value and Base64 decoding it which creates a 128 byte signature. 4) Converting (using BN_bin2bn) the Base64 decoded modulus and exponent values and assigning them to a RSA structure (n and e) with a size of 128 and 3 bytes respectively i.e rsa_struct_ptr->n = BN_bin2bn(modulus, 128, NULL); rsa_struct_ptr->e = BN_bin2bn(exponent, 3, NULL); I am calling RSA_new() before I do this. 5) Calling RSA_Verify with 'NID_sha1', the 20 byte hash (from 1) above) , the 128 byte signature value (from 3) above) , a signature size of 128, and the previously populated RSA structure (from 4) above). . I have looked at the Modulus, Exponent, P, Q, DP, DQ, InverseQ and D values that are created on the server before the signature is sent to the client. The Modulus and Exponent values match those that are received on the client. Is there some step I am doing incorrectly or something I am still missing? Thanks Chris
