I finally managed to get the same result with RSA_sign as with CryptSignHash. The problem was I used the wrong algorithm, nid_SHA1WithRSA instead of nid_SHA1. When I sign an XML using this signature it also validates.
Thanks to everyone for explaining me everything and helping me with the stupid C++ mistakes I made! Goblin_Queen wrote: > > OK, I got your point, I'll ask what they meant by "the same results" then. > > You're saying that I'm not competent for this task. As I said before, I'm > a student, and I'm doing this project to get my master degree. Everything > security related is still very new to me, especially because it's in C++, > which I'm not very familiar with. But it is obvious that I'm not the last > person who will be working on this project. The company asked me to do > this, so I'll set the start for this project, but after me, many others > will check my code and optimise it. It's important for them because it's > security related so it should be really safe and bug free, and they also > realize that. The people who will work on it after me are experts on the > case, I just have to get as far as possible. I also find it annoying that > I have to ask these stupid questions, but where else should I seek help? > This forum is meant for people who are using OpenSSL, and I'm just trying > to learn how. > > But thanks for your time anyway. > > > > David Schwartz wrote: >> >> >>> David, >>> When I sign the same hash with the same certificate I should get the >>> same >>> signature. That sounds pretty logical to me. >> >> Really? So if you sign the same contract twice, the two signatures will >> be >> precisely identical? >> >>> The company I'm doing this >>> project for also told me that I should get the same result as the one >>> CryptSignHash gives me, that's why I'm trying to get 2 identical >>> results. >> >> By "the same result", I hope that they mean the same logical result. You >> will not get the exact same value. >> >> Suppose, for example, there were certain hash values that could weaken >> RSA >> keys. If I create a document that you have to sign, I can engineer the >> document so that the hash you wind up signing is one of those hash >> values. >> (Because I know the hash you are going to sign.) Adding random padding >> means >> an attacker, even if he chooses the plaintext you sign, cannot chose the >> hash you sign. >> >> Is this serious? No. But algorithms are not deliberately designed with >> vulnerabilities just because those vulnerabilities are not serious. >> >> If you are comparing the two signatures for literal equality, what you >> are >> doing makes no sense. >> >> One more point, and I apologize for having to bring this up. You are >> doing a >> security-related task for which you are not competent. Even if your code >> appears to work in simple test cases, there is a serious chance that it >> will >> have vulnerabilities that could compromise security. For example, if you >> had >> used 'strlen', an attacker could trivially create multiple documents that >> appear to have the same hash simply by choosing documents whose hashes >> all >> begin with a zero byte. >> >> If anyone is going to rely on your code, you are doing the equivalent of >> building a suspension bridge that will carry traffic. That takes an >> expert. >> That's just a fact. If you blunder you way through it, you will make >> every >> mistake. And some of them will leave code that appears to work. >> >> DS >> >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org >> >> > > ----- Stephanie -- View this message in context: http://www.nabble.com/Difference-between-RSA_sign-and-CryptSignHash-signature-tp22575898p22821136.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
