Hi,

As explained in the initial email we were able to resolve the "RSA_verify:wrong signature length" by generating the signature in two steps as explained below (which generates 128 byte signature):

    openssl dgst -md5 -binary -out signmd.bin input.txt
    openssl rsautl -encrypt -inkey rsapriv.pem -in signmd.bin -out signmd.enc

First generate a hash digest based on MD5 and then encrypt the hash digest using private key.

But when we use the API

    RSA_verify(NID_md5, datatosign, (strlen(datatosign)), signature, strlen(signature), key);

at the embedded side to verify the signature we get the following error:

    error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
    error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header

FYI we disabled padding at the embedded side for RSA_verify.

Any help appreciated to resolve the ASN error. Will decrypt of signature followed by local hash generation at the embedded side to be compared with the output of the decrypt signature help resolve the issue?

Best regards,
Am. Sivaramakrishnan

--- On Thu, 11/13/08, Raja RC <[EMAIL PROTECTED]> wrote:

> From: Raja RC <[EMAIL PROTECTED]>
> Subject: signature length mismatch ERROR in RSA_Verify.
> To: openssl-users@openssl.org
> Date: Thursday, November 13, 2008, 5:11 AM
>
> Hi,
> I see the following error while trying to verify the signature using public
> key (generated in cygwin) and verification is done at embedded system with
> openssl libraries.
>
> error:04077077:rsa routines:RSA_verify:wrong signature length
>
> The details about what I'm trying to do are as follows:
>
> * Private Key is created in cygwin using the command
>   openssl genrsa -out private_key.pem 1024
> * Public Key is created in cygwin using the command
>   openssl rsa -pubout -in private_key.pem -out public_key.pem
> * The signature is created in cygwin using the command
>   openssl dgst -md5 -binary -out "signmd.bin" -sign "private_key.pem" "input.txt"
>
> 1. When we use the private key and sign the data using RSA_sign and verify
> the signature created (on embedded system with openssl libraries) using
> RSA_verify with public key it works. This is when both RSA_Sign and
> RSA_Verify are done on the embedded system.
>
> 2) But, when we try verifying the signature created from cygwin, using the
> public key, it fails. When PEM_read_RSA_PUBKEY is used to extract the public
> key parameter N and E (N and E extraction is fine) and subsequently using
> RSA_Verify, it fails.
>
> 3) To get the RSA public key from ".pem" file, we are now using the API
> "PEM_read_RSA_PUBKEY", but if we have to use the API EVP_VerifyFinal() for
> verification. What API to use to get the EVP_PKey from ".pem" file. We tried
> using the API "PEM_read_PUBKEY", but guess it doesn't work – as an
> exception is generated when the API "EVP_VerifyFinal" is called.
>
> 4) Would appreciate if anyone can explain how exactly the API
> "EVP_VerifyFinal()" needs to be called (i.e., what is the sequence - we
> tried EVP_VerifyInit and EVP_VerifyUpdate and then EVP_VerifyFinal)
>
> Regards,
> Raja

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
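Added example, not part of the thread and not OpenSSL code: RSA_verify expects the block recovered from the signature to be PKCS#1 v1.5 type-1 padding around a DER DigestInfo, which is what `openssl dgst -md5 -sign` produces, so a block carrying only the bare 16-byte MD5 digest has no ASN.1 header to parse. The sketch below checks that layout without any RSA math; `check_em_md5`, `demo` and the sample digest are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* DER header of an MD5 DigestInfo (RFC 8017 section 9.2); the 16-byte digest follows. */
static const unsigned char MD5_PREFIX[18] = {
    0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,
    0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10 };
enum em_result { EM_OK, EM_BAD_PADDING, EM_NOT_DIGESTINFO, EM_DIGEST_MISMATCH };

/* em: block recovered by the RSA public-key operation, as long as the modulus. */
enum em_result check_em_md5(const unsigned char *em, size_t em_len,
                            const unsigned char *digest)
{
    size_t i = 2;
    if (em_len < 11 || em[0] != 0x00 || em[1] != 0x01)
        return EM_BAD_PADDING;
    while (i < em_len && em[i] == 0xff) i++;      /* padding string of 0xff bytes */
    if (i - 2 < 8 || i >= em_len || em[i] != 0x00)
        return EM_BAD_PADDING;                    /* need >= 8 pad bytes, then 0x00 */
    i++;                                          /* skip the 0x00 separator */
    /* Strict check: the payload must be exactly header || digest, up to the block end. */
    if (em_len - i != sizeof MD5_PREFIX + 16 ||
        memcmp(em + i, MD5_PREFIX, sizeof MD5_PREFIX) != 0)
        return EM_NOT_DIGESTINFO;
    if (memcmp(em + i + sizeof MD5_PREFIX, digest, 16) != 0)
        return EM_DIGEST_MISMATCH;
    return EM_OK;
}

/* Constructed 128-byte block (1024-bit key size) with or without the DigestInfo header. */
enum em_result demo(int with_header, int tamper)
{
    unsigned char digest[16], payload[34], em[128];
    size_t k, n = with_header ? 34 : 16;
    for (k = 0; k < 16; k++) digest[k] = (unsigned char)(0xa0 + k); /* constructed digest */
    memcpy(payload, MD5_PREFIX, 18);
    memcpy(payload + (with_header ? 18 : 0), digest, 16);
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, sizeof em - 3 - n);
    em[sizeof em - n - 1] = 0x00;
    memcpy(em + sizeof em - n, payload, n);
    if (tamper) em[sizeof em - 1] ^= 0x01;        /* flip one bit of the embedded digest */
    return check_em_md5(em, sizeof em, digest);
}

int main(void)
{
    printf("DigestInfo: %d, bare digest: %d\n", demo(1, 0), demo(0, 0));
    return 0;
}
```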