Hi thanks for the sample code you provided. I have tested the sample code and it runs without error however I am still using the default char N[], char E[] and msg[] values in the file.
I am unclear what steps I need to take to convert the Modulus and Exponent strings from my XML into a format suitable for this function. In the code it seems that the N and E values are hexadecimal- should this be the hexadecimal conversion of my 128 byte base64 decoded modulus value from the XML and the equivalent for the exponent? Also should the 'msg[]' character array be the pure xml string of the SignedInfo element? Thank you for your continued help. Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, 5 February 2008 6:34 a.m. To: openssl-users@openssl.org Subject: RE: RSA_verify problem Hello, > I am now consistently getting an error "0306E06C:bignum routines:BN_mod_inverse:no > inverse" when calling RSA_verify. > > I am still taking the following steps: > > 1) Extracting the 'SignedInfo' node and creating a 20 byte SHA1 hash > of the value of it > and its contents. I am confident this is working correctly because I > use the same code > for calculating and comparing the DigestValues which is working fine. > 2) Extracting the 'Modulus' and 'Exponent' values and then Base64 decoding both. This > creates a 128 byte modulus and 3 byte exponent. I am also confident this is working > correctly because I am using the Base64 decoding/encoding code > elsewhere without problems. > 3) Extracting the 'SignatureValue' value and Base64 decoding it which creates a 128 bytesignature. > 4) Converting (using BN_bin2bn) the Base64 decoded modulus and > exponent values and > assigning them to a RSA structure (n and e) with a size of 128 and 3 bytes respectively > i.e rsa_struct_ptr->n = BN_bin2bn(modulus, 128, NULL); > rsa_struct_ptr->e = BN_bin2bn > (exponent, 3, NULL); I am calling RSA_new() before I do this. > 5) Calling RSA_Verify with 'NID_sha1', the 20 byte hash (from 1) > above) , the 128 byte > signature value (from 3) above) , a signature size of 128, and the previously populated > RSA structure (from 4) above). . > I have looked at the Modulus, Exponent, P, Q, DP, DQ, InverseQ and D values that are > created on the server before the signature is sent to the client. The Modulus and > Exponent values match those that are received on the client. > Is there some step I am doing incorrectly or something I am still missing? Modular inverse is calculated with private keys and with RSA blinding when CRT is used and in modular exponentation. Only third case apply here. My proposition is to test this with steps. First of all you should check if your public key decrypts correctly signature and this signature looks good. You should use RSA_public_decrypt() function and check output. I've attached simple test program which may be adapted for this purpose. As result you should get padded ASN1 structure. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __________ NOD32 2847 (20080204) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
