Hi, I have a self-signed certificate generated by OpenSSL. I'm using Python and various libraries (PyCrypto, tlslite) to programmatically access the certificate. I'm not having any problems pulling the data out of the certificate.
Now I want to validate the certificate. My current understanding, and please correct me if I'm wrong, is that when the certificate was generated, its data was hashed and the hash was encrypted with the private key. This signature is then tacked on to the end of the data and the whole bundle of data + signature algorithm identifier + signature is the certificate. So to check the signature, it should be as easy as to hash the data, decrypt the signature with the public key and compare the two. Is this correct?

I'm having some problems if that's the case. The biggest problem is knowing how much of 'the data' to hash. At the moment I'm taking the binary blob that is essentially the certificate in DER form and stripping the signature and signature algorithm from the end of the blob. I then hash the blob and compare the hash to the decrypted signature. They don't match, so I remove one byte more, compare, and so on. I've tried stripping only the signature and systematically removing more and more, but still no match.

Any suggestions?

Thanks,
Anthony.

--
Anthony Floyd, PhD
Convergent Manufacturing Technologies Inc.
6190 Agronomy Rd, Suite 403
Vancouver BC V6T 1Z3 CANADA
Email: [EMAIL PROTECTED] | Tel: 604-822-9682 x102
WWW: http://www.convergent.ca | Fax: 604-822-9659
CMT is hiring: See http://www.convergent.ca for details

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
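The byte range the question asks about, as an added example that is not part of the original post: an X.509 signature covers the DER encoding of the tbsCertificate element (the first element inside the outer SEQUENCE, with its own tag and length bytes), and an RSA PKCS #1 v1.5 signature recovers a padded DigestInfo structure rather than a bare hash. The sketch assumes RSA with SHA-256 and a modulus and exponent that have already been extracted; the toy key and the certificate-shaped blob are constructed for the example, and a real certificate names its hash in signatureAlgorithm.

```python
import hashlib
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo header

def read_tlv(buf, off):
    """Return (tag, value_start, end) of the DER element starting at off."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def split_certificate(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, _, tbs_end = read_tlv(der, body)
    _, _, alg_end = read_tlv(der, tbs_end)
    tag, sig, sig_end = read_tlv(der, alg_end)
    if tag != 0x03 or der[sig] != 0:       # BIT STRING, first byte = unused bits (0)
        raise ValueError("unexpected signatureValue")
    # Signed bytes = the whole tbsCertificate element, tag and length included.
    return der[body:tbs_end], der[tbs_end:alg_end], der[sig + 1:sig_end]

def encoded_message(tbs, k):
    """Expected result of the RSA public operation: 00 01 FF.. 00 || DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(tbs).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify(der, n, e):
    tbs, _alg, sig = split_certificate(der)
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == encoded_message(tbs, k)

def tlv(tag, value):                       # minimal DER encoder, used only for the sample
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: toy key from two Mersenne primes (insecure), placeholder TBS body.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
TBS = tlv(0x30, b"constructed stand-in for the tbsCertificate fields " * 3)
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
SIG = pow(int.from_bytes(encoded_message(TBS, K), "big"), D, N).to_bytes(K, "big")
CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + SIG))
```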