[openssl-users] Openssl api for signature verification using digest
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Aug 28 15:37:33 UTC 2018
[ Please post plain text, not HTML ]
> On Aug 28, 2018, at 7:08 AM, Linta Maria <lintamaria194 at gmail.com> wrote:
>
> I have used below code, but it’s not working. Please help me to get the correct API.
>
> /*
> * NB: assumes verify_key, sig, siglen md and mdlen are already set up
> * and that verify_key is an RSA public key
> */
In what form is the message digest? Is it the raw digest octets,
or some hex or base64 encoding? In what form is the signature?
> ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
> if (!ctx)
> /* Error occurred */
>
> if (EVP_PKEY_verify_init(ctx) <= 0)
> /* Error */
>
> if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
> /* Error */
>
> if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
> /* Error */
Since you're verifying a hash, do not configure a message
digest.
> /* Perform operation */
>
> ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
This is the right function for verifying public key
signatures over some input. For more help, post
the *public* key used, the signature and the input
digest.
You can find similar code in the source code of the
rsautl and pkeyutl commands.
--
Viktor.
More information about the openssl-users
mailing list