> On Oct 27, 2014, at 4:33 AM, Gayathri Manoj <gayathri.an...@gmail.com> wrote:
>
> Hi All,
>
> How can I replace RSA_public_decrypt() with EVP_Verify*().
>
> I wanted to replace the below api with EVP_verify*()
>
> RSA_public_decrypt(Len, SgnData, dBuffer, rsa_pub_key, RSA_PKCS1_PADDING);
>

You’d need to share more of the code around the call to RSA_public_decrypt().

RSA_public_decrypt() only does some of the work done by EVP_Verify*. EVP_Verify* are intended to:

1) Hash user data using the hash type passed to EVP_VerifyInit(), SHA1 in your example below, using EVP_VerifyUpdate();
2) Decrypt the encrypted data (SgnData in your example below) in EVP_VerifyFinal(); and
3) Verify the hash type specified in EVP_VerifyInit() matches the one in the decrypted data from step 2, and verify the hash value from step 1 matches the hash value in the decrypted data from step 2.

Your code below probably fails because you didn’t pass the correct data to EVP_Update(), SgnData isn’t in a valid signature format, OR you use the wrong keys somewhere. :)

Oh, and the signature algorithm for the certificate is meaningless unless you’re trying to verify the certificate’s signature -- and if you want to do that, I strongly recommend using X509_verify_cert() for verifying the certificate’s signature, if at all possible, and X509_check_issued() if you can't.

TOM

> I have tried with
>
> EVP_MD_CTX md_ctx;
> unsigned char *decryptBuffer = NULL;
> EVP_PKEY *pubKey = NULL;
> PubKey = X509_get_pubkey(X509cert);
> decryptBuf = (uchar *) malloc(EVP_MD_size(EVP_sha1()));
>
> EVP_VerifyInit(&md_ctx, EVP_sha1());
> EVP_VerifyUpdate (&md_ctx, dBuffer, strlen(dBuffer)-1);
> errorCode = EVP_VerifyFinal(&md_ctx, SgnData, Len, PubKey);
>
> Getting errorCode as 0. ERR[bad signature]
>
> certificate's Signature Algorithm is SHA256withRSA
>
> Please let me know how can I solve this issue.
>
> Thanks,
> Gayathri

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
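
The three steps listed in the reply, modelled in pure Python as an added example (not code from this thread or from OpenSSL): `public_decrypt` stands in for RSA_public_decrypt() with RSA_PKCS1_PADDING, and `verify` for the EVP_VerifyInit/Update/Final sequence. The key built from two Mersenne primes and all function names are constructed for illustration.

```python
import hashlib

# DER DigestInfo prefixes (PKCS#1 v1.5) that name the hash inside the signature.
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed demo key from two Mersenne primes: for illustration only, never real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes


def private_encrypt(payload: bytes) -> bytes:
    """Signer's side: type-1 pad the payload and apply the private key."""
    em = b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def public_decrypt(sig: bytes) -> bytes:
    """Step 2 only: public-key operation and padding removal; returns the payload."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    pad, sep, payload = em[2:].partition(b"\x00")
    if em[:2] != b"\x00\x01" or not sep or len(pad) < 8 or pad.strip(b"\xff"):
        raise ValueError("bad PKCS#1 type 1 padding")
    return payload


def sign(data: bytes, hash_name: str) -> bytes:
    """Produce a signature in the format step 3 expects: DigestInfo || hash."""
    digest = hashlib.new(hash_name, data).digest()
    return private_encrypt(DIGEST_INFO[hash_name] + digest)


def verify(data: bytes, sig: bytes, hash_name: str) -> bool:
    """Steps 1-3: hash the data, recover the payload, compare hash type and value."""
    digest = hashlib.new(hash_name, data).digest()       # step 1
    try:
        recovered = public_decrypt(sig)                   # step 2
    except ValueError:
        return False
    return recovered == DIGEST_INFO[hash_name] + digest   # step 3
```

A buffer produced by private-key encryption of the raw message passes `public_decrypt` but fails `verify`, because the recovered payload is not a DigestInfo for the chosen hash.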