On 27/10/14 08:33, Gayathri Manoj wrote: > Hi All, > > How can I replace RSA_public_decrypt() with EVP_Verify*().
These two functions do not do the same thing. A simple one for one replacement is not possible. RSA_public_decrypt just decrypts a ciphertext encrypted with a private RSA key. It can be *used* for verifying a signature, but is not sufficient by itself. Typically what you actually sign is the hash of the message, not the message itself. EVP_Verify, when supplied with an RSA key will verify the signature supplied to it against the *message* also supplied (not the hash of the message). The signature is expected to be a PKCS#1 v1.5 style signature...which is not just an RSA encrypt of a hash - the hash is wrapped in a DigestInfo ASN1 structure and then signed. EVP_Verify* will take the supplied message, hash it using the supplied algorithm, decrypt the supplied signature and verify that the hashes match. If you want to use EVP_Verify then I would expect you to have to rewrite your code more significantly than just a RSA_public_decrypt -> EVP_Verify* replacement. If you want a straight one-for-one replacement then you might want to look at EVP_PKEY_public_decrypt...although I would recommend the bigger rewrite to use EVP_Verify*...or even better EVP_DigestVerify (a newer more flexible interface). More comments below: > > I wanted to replace the below api with EVP_verify*() > > RSA_public_decrypt(Len, SgnData, dBuffer, rsa_pub_key, RSA_PKCS1_PADDING); > > I have tried with > > EVP_MD_CTX md_ctx; > unsigned char *decryptBuffer = NULL; > EVP_PKEY *pubKey = NULL; > PubKey = X509_get_pubkey(X509cert); > decryptBuf = (uchar *) malloc(EVP_MD_size(EVP_sha1())); > > EVP_VerifyInit(&md_ctx, EVP_sha1()); The md_ctx needs to be initialised before you use it using EVP_MD_CTX_init. Not sure why you are using sha1 here, when you say sha256 below. > EVP_VerifyUpdate (&md_ctx, dBuffer, strlen(dBuffer)-1); What is dBuffer here? Your message, or the hash of your message? You are using the same variable in RSA_public_decrypt above, but EVP_VerifyUpdate will first hash whatever you provide in dBuffer, whilst RSA_public_decrypt will not. If dBuffer is a hash then that is binary data and strlen will not work on it. > errorCode = EVP_VerifyFinal(&md_ctx, SgnData, Len, PubKey); > > Getting errorCode as 0. ERR[bad signature] > > certificate's Signature Algorithm is SHA256withRSA > > Please let me know how can I solve this issue. Hope that helps, Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
