Re: ECDSA - Signature verify

Tue, 10 Jun 2014 12:44:09 -0700 

remember doing something along the lines of :

ecPublicKey = X509_get_pubkey(readCertificate);
EC_KEY *ecKey;
ecKey = EVP_PKEY_get1_EC_KEY(ecPublicKey);
EC_KEY_set_asn1_flag(ecKey, <Put in the curve name>);
ecGroup = EC_GROUP_new_by_curve_name(<Put in the curve name>);
EC_KEY_set_group(ecKey, ecGroup);


int status = ECDSA_verify(ecPublicKey->type, digest, SHA256_DIGEST_LENGTH,
signatureBytes, Signaturelength, ecKey);
if(status==1)
    //signature is valid

I will let someone with more experience comment on whether it is right or
wrong.




On Tue, Jun 10, 2014 at 7:24 AM, Anant Rao <a...@noknok.com> wrote:

> Hi,
>
> Objective in one-line:
> =================
> Verify a signature, given an ECDSA public key in X509 format.
>
>
> Details:
> ======
> I read an X509 cert stored on disk. The following are some of its contents:
>
> Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>
> ...
> ASN1 OID: prime256v1
> Signature Algorithm: ecdsa-with-SHA1
> ...
>
>
> Now, I get some data that is signed by the private key corresponding to
> the above public key/cert and I need to verify it.
>
> Here're some pieces of my code:
>
> ...
> EVP_PKEY *pub_key = X509_get_pubkey(cert);  //this is OK
> ...
> EVP_VerifyFinal(&c, signature, signature_len, pub_key); //this fails; Why
> does it fail?
>
> The following are the errors from the above VerifyFinal:
>
> 140310811899840:error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long:asn1_lib.c:150:
> 140310811899840:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
> object header:tasn_dec.c:1306:
> 140310811899840:error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=ECDSA_SIG
>
>
> So, after reading this page (
> http://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography), I
> realized I need to extract the EC_POINT out of the above public key.
> But, I'm not sure how to do it. Assuming that that's the right approach, I
> want to do the following:
>
> EC_POINT *pub;
>
> if(1 != EC_KEY_set_public_key(key, pub)) handleErrors();
>
> Can you help how I can retrieve the EC_POINT out of the public key? If
> this is not the correct approach at all, could you point what I need to do?
>
> Thanks a lot in advance!
>
>


-- 
Swair Mehta

Reply via email to