[openssl-users] Is it mandatory to reverse windows signature while doing verification in OpenSSL?
thomas.francis.jr at pobox.com
Wed Apr 1 13:47:22 UTC 2015
If you mean you’re using CryptSignHash(), and are reversing the bytes in the resulting signature, then yes, this is normal. You’ll need to reverse the bytes when verifying the signature with ANY other toolkit/library, including CNG. :) If it’s not too late, you should store the signature with the bytes reversed, and then reverse the bytes when you want to verify the signature with CryptVerifySignature(), so that nothing else needs to reverse the bytes. If you later switch from CryptoAPI to CNG, then you’ll be able to remove the byte reversing code, since CNG uses the same byte order as OpenSSL.
CryptoAPI tends to put all large integer data in least significant byte first order (probably because somebody was accustomed to little endian on x86?). Every other library I’ve used does the opposite, so I strongly recommend any storage be different from what CryptoAPI produces/expects unless your main intent is to work only with CryptoAPI.
> On Apr 1, 2015, at 2:12 AM, Rishabh K Dubey <rishabh.dubey at igate.com> wrote:
> We have signed data on Win 7 using Crypto APIs and generated signature. We have observed this such reversing of signature bytes is valid operation or not. Thanks in advance.
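The byte-order mismatch described in the reply, as an added example that is not part of the original thread and does not call CryptoAPI or OpenSSL: a pure-Python RSASSA-PKCS1-v1_5 verifier that expects most-significant-byte-first signatures rejects a least-significant-byte-first signature until the bytes are reversed. The key (built from two Mersenne primes), the message, and all function names are constructed for illustration, and the little-endian output is only a model of the order the post attributes to CryptSignHash().

```python
import hashlib

# Constructed demo key (NOT secure): two Mersenne primes, chosen only so the
# example needs no key file or third-party library. Requires Python 3.8+.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS #1 v1.5).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), K bytes long."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_big_endian(msg: bytes) -> bytes:
    """Signature with the most significant byte first."""
    s = pow(int.from_bytes(emsa_pkcs1_v15(msg), "big"), D, N)
    return s.to_bytes(K, "big")

def sign_capi_order(msg: bytes) -> bytes:
    """Same signature, least significant byte first (assumed model of
    the order the post describes for CryptSignHash())."""
    return sign_big_endian(msg)[::-1]

def verify_big_endian(msg: bytes, sig: bytes) -> bool:
    """Verifier that expects big-endian signature bytes."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:  # signature representative out of range
        return False
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(msg)

def capi_to_big_endian(sig: bytes) -> bytes:
    """Reverse a least-significant-byte-first signature for other libraries."""
    return sig[::-1]

MSG = b"constructed sample message"
CAPI_SIG = sign_capi_order(MSG)

if __name__ == "__main__":
    print("as stored by signer:", verify_big_endian(MSG, CAPI_SIG))
    print("after reversal:     ", verify_big_endian(MSG, capi_to_big_endian(CAPI_SIG)))
```

Because the signature has the same length in either order, a verifier cannot detect the wrong byte order from the length alone; the failure only shows up as an ordinary "bad signature" result.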