Hi Paul,
You say that the exponent is 1024 bit long. This means you are using the
private exponent because usually the public exponent is much smaller:
typically the public exponent is 3 or 65537.
So in order to construct your RSA public key, replace the value of the
private exponent you are using by the value of the corresponding public
exponent.
If my guess is correct, then you should be able to verify the signature
correctly.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/27/2010 3:00 AM, Paul Suhler wrote:
Hi, everyone.
In Openssl 0.9.8i, I'm trying to take an RSA public exponent and
public modulus, assemble them into an RSA key, and use that to verify
a signature for a message. However, EVP_VerifyFinal() always fails,
apparently because of the wrong use of padding.
My code:
RSA * RsaKeyPtr = RSA_new();
EVP_PKEY * EvpKeyPtr = EVP_PKEY_new();
RsaKeyPtr->n = BN_bin2bn(ModulusPtr, ModulusLength, NULL); //
Public modulus n
RsaKeyPtr->e = BN_bin2bn(Exponent, sizeof(Exponent), NULL); //
Public key exponent e
EvpKeyPtr->type = EVP_PKEY_RSA;
if(EVP_PKEY_assign_RSA(EvpKeyPtr, RsaKeyPtr))
{
EVP_MD_CTX_init(&MDContext);
if(EVP_VerifyInit_ex(&MDContext, EvpMdPtr, NULL))
{
if(EVP_VerifyUpdate(&MDContext, MessagePtr, MessageLength))
{
if(EVP_VerifyFinal(&MDContext, SignaturePtr,
SignatureLength, EvpKeyPtr))
{
...
The call stack looks like:
RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
...
RSA_eay_public_decrypt()
RSA_padding_check_PKCS1_type_1()
and that last function fails.
Am I assembling the RSA key incorrectly?
The modulus and exponent are each 1024 bits long and the message and
signature are each 128 bytes long
Thanks very much,
Paul
*___________________________________
Paul A. Suhler* | Firmware Engineer |* Quantum Corporation* |*
Office:* 949.856.7748 | _paul.suh...@quantum.com_
<mailto:paul.suh...@quantum.com>
------------------------------------------------------------------------
The information contained in this transmission may be confidential.
Any disclosure, copying, or further distribution of confidential
information is not permitted unless such privilege is explicitly
granted in writing by Quantum. Quantum reserves the right to have
electronic communications, including email and attachments, sent
across its networks filtered through anti virus and spam software
programs and retain such messages in order to comply with applicable
data security and retention requirements. Quantum is not responsible
for the proper and complete transmission of the substance of this
communication or for any delay in its receipt.
--
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
