Hi,
I see the following error while trying to verify a signature using the public
key (generated in cygwin); verification is done on an embedded system with
the openssl libraries.

error:04077077:rsa routines:RSA_verify:wrong signature length

The details of what I'm trying to do are as follows:

* Private key is created in cygwin using the command
  openssl genrsa -out private_key.pem 1024
* Public key is created in cygwin using the command
  openssl rsa -pubout -in private_key.pem -out public_key.pem
* The signature is created in cygwin using the command
  openssl dgst -md5 -binary -out "signmd.bin" -sign "private_key.pem" "input.txt"


1) When we use the private key and sign the data using RSA_sign and verify
the signature created (on the embedded system with openssl libraries) using
RSA_verify with the public key, it works. This is when both RSA_sign and
RSA_verify are done on the embedded system.

2) But when we try verifying the signature created from cygwin, using the
public key, it fails. When PEM_read_RSA_PUBKEY is used to extract the public
key parameters N and E (N and E extraction is fine) and RSA_verify is
subsequently used, it fails.

3) To get the RSA public key from the ".pem" file, we are now using the API
"PEM_read_RSA_PUBKEY", but if we have to use the API EVP_VerifyFinal() for
verification, what API should we use to get the EVP_PKEY from the ".pem" file?
We tried using the API "PEM_read_PUBKEY", but I guess it doesn't work, as an
exception is generated when the API "EVP_VerifyFinal" is called.

4) Would appreciate it if anyone can explain how exactly the API
"EVP_VerifyFinal()" needs to be called (i.e., what is the sequence? We
tried EVP_VerifyInit and EVP_VerifyUpdate and then EVP_VerifyFinal).

Regards,
Raja
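
Added example, not part of the original post: a host-side cross-check of the commands above. RSA_verify raises "wrong signature length" when the length it is given differs from the modulus size (128 bytes for a 1024-bit key), so the script compares the two before verifying with openssl dgst. The file names follow the post; the input text, the function names and the truncated copy are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names follow the post; the input text is constructed.

make_fixture() {            # $1 = work dir; repeats the post's three commands
    ( cd "$1" &&
      printf 'constructed sample input\n' > input.txt &&
      openssl genrsa -out private_key.pem 1024 2>/dev/null &&
      openssl rsa -pubout -in private_key.pem -out public_key.pem 2>/dev/null &&
      openssl dgst -md5 -binary -out signmd.bin -sign private_key.pem input.txt )
}

modulus_bytes() {           # $1 = public key PEM; prints modulus size in bytes
    m=$(openssl rsa -pubin -in "$1" -noout -modulus 2>/dev/null)
    m=${m#Modulus=}
    echo $(( ${#m} / 2 ))
}

sig_bytes() {               # $1 = signature file; prints its size in bytes
    wc -c < "$1" | tr -d ' '
}

# Returns 0 = verified, 1 = right length but bad signature, 2 = wrong length.
check_signature() {         # $1 = public key, $2 = signature, $3 = signed data
    want=$(modulus_bytes "$1")
    got=$(sig_bytes "$2")
    if [ "$got" -ne "$want" ]; then
        echo "length mismatch: signature $got bytes, modulus $want bytes"
        return 2
    fi
    if openssl dgst -md5 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1; then
        echo "Verified OK"
    else
        echo "Verification failure"
        return 1
    fi
}

# Demo: the intact signature verifies; a copy missing its last byte is
# rejected by the length check before any RSA operation is attempted.
work=$(mktemp -d)
make_fixture "$work"
check_signature "$work/public_key.pem" "$work/signmd.bin" "$work/input.txt"
dd if="$work/signmd.bin" of="$work/short.bin" bs=1 count=127 2>/dev/null
check_signature "$work/public_key.pem" "$work/short.bin" "$work/input.txt" || true
rm -rf "$work"
```

When the host reports a matching length and "Verified OK" for signmd.bin, the key pair and signature file are consistent, which leaves the way the target reads the file and the length it passes to the verify call as the things to inspect.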
