Hello all,
I am trying to write an application for verifying the digest signature of text
files.
I have used this command to create the signature of a file, e.g. index.php:
openssl dgst -sha1 -sign private_key.pem -out sign.sha1 /var/www/index.php
I have many files with signatures from many users, signed with their private
keys.
Right now, when I am trying to verify a signature, first of all I find who is
the owner of the "index.php" file and ask the database for the path to their public key.
After that I use this key to verify the signature of the file with the code below.
It works OK.
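///-----------------------------------------
//begin of verification code
// (fragment from a PHP extension: sign, fst_sig, fst, orig_handle, data,
//  md_ctx and pkey are declared and initialised outside this excerpt)
if ((sig_handle = VCWD_FOPEN(sign, "rb")) == NULL) {
        php_printf("error");
        return;
}
signature = (char *) emalloc(fst_sig.st_size + 2);
signature_len = fread(signature, sizeof(char), fst_sig.st_size + 1, sig_handle);
while (!feof(sig_handle) && !ferror(sig_handle)) {
        // grow the buffer by one more chunk, keeping room for the terminator
        if ((signature = erealloc(signature, signature_len + fst_sig.st_size + 1)) == NULL) {
                php_printf("error");
                return;
        }
        // append after the bytes already read instead of overwriting them
        signature_len += fread(signature + signature_len, sizeof(char), fst_sig.st_size, sig_handle);
}
signature[signature_len] = '\0';
mdtype = EVP_get_digestbyname("sha1");
if (!mdtype) {
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm.");
        return;
}
EVP_VerifyInit(&md_ctx, mdtype);
// data must keep pointing at its read buffer for every iteration, and the
// chunk is binary input for the digest, so it is neither terminated nor reset
while ((data_len = fread(data, sizeof(char), fst.st_size, orig_handle)) > 0) {
        EVP_VerifyUpdate(&md_ctx, data, data_len);
}
// EVP_VerifyFinal returns 1 for a valid signature, 0 for an invalid one
// and -1 on error; only 1 may be treated as success
err = EVP_VerifyFinal(&md_ctx, (unsigned char *) signature, signature_len, pkey);
//end of code -------------------------------------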

My question is: is there any other way of selecting the right public key (without
querying the database)? I have read something about load_verify_locations but I don't
know if I can use this for public keys? Maybe I can edit the signature file to
add some identification which can be used when selecting the right public key.

Could somebody tell me if I am going the right way when getting the path to
the user's public key from the database?
Or is this the wrong concept, and can it be done more effectively?

Thanks in advance,

Peter
-- 
View this message in context: 
http://www.nabble.com/Sha1-verify-and-load_verify_locations%28%29--tp23125119p23125119.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
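
The idea raised in the post, storing an identifier next to the signature and using it to select the public key, sketched as an added example (not part of the original message and not OpenSSL project code). The function names, the .sig/.keyid file names and the keyring directory layout are assumptions, and it signs with SHA-256 rather than the post's SHA-1.

```shell
#!/bin/sh
# Added example. Assumed layout: FILE.sig holds the signature, FILE.keyid
# holds the signer's key ID, and KEYRING_DIR holds trusted public keys
# named <keyid>.pem. None of these names come from the original post.

# key_id PUBKEY_PEM: hex SHA-256 over the DER encoding of the public key,
# so the ID does not depend on PEM line wrapping or comments.
key_id() {
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# sign_file PRIVATE_KEY FILE: writes FILE.sig and FILE.keyid
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2" || return 1
    openssl pkey -in "$1" -pubout -out "$2.pub.tmp" 2>/dev/null || return 1
    key_id "$2.pub.tmp" > "$2.keyid"
    rm -f "$2.pub.tmp"
}

# verify_file KEYRING_DIR FILE: succeeds only if FILE.sig verifies under
# the keyring key that FILE.keyid names.
verify_file() {
    kid=$(cat "$2.keyid" 2>/dev/null) || return 1
    # The key ID travels with the file and is untrusted input: accept only
    # 64 lowercase hex characters so it can never act as a path.
    case "$kid" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#kid}" -eq 64 ] || return 1
    # Unknown signer: the key is not in the local keyring.
    [ -f "$1/$kid.pem" ] || return 1
    openssl dgst -sha256 -verify "$1/$kid.pem" \
        -signature "$2.sig" "$2" >/dev/null 2>&1
}
```

The key ID only selects which trusted key to try; whether that key's owner is allowed to sign a given file remains a separate lookup, as with the owner check described in the post.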
