[openssl-users] RES: Testing OpenSSL based solution
Marcus Vinicius do Nascimento
m.vinicius at samsung.com
Tue May 12 20:05:56 UTC 2015
Thanks for both answers.
I tried using Y as the public key, but ssl seems not to accept that.
Here is the error scenario:
>From the FIP file:
[mod = 1024]
Q = dc678f95c673538f74dcbf67a80454c843937795
R = 33bf9a15b6823e7c5583f94bcea2f0439a881f8c
S = 48feaff1ec4803fb88fdc70773d9ac7b84905d3a
Result = P
So I tried reformatting Y to pass it to PEM_read_bio_DSAPrivateKey.
Converting Y to Base64 =
Reformatting in PEM format = "-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----
Code that matters:
BIO * keybio = BIO_new_mem_buf(const_cast<char *>(key.c_str()), -1);
if (keybio == NULL)
errormsg = "Can not create DSA key";
DSA *dsa = PEM_read_bio_DSAPrivateKey(keybio, &dsa, NULL, NULL);
if (dsa == NULL)
errormsg = "Can not read DSA key";
Am I missing something here?
De: openssl-users [mailto:openssl-users-bounces at openssl.org] Em nome de
Enviada em: terça-feira, 12 de maio de 2015 15:42
Para: openssl-users at openssl.org
Assunto: Re: [openssl-users] Testing OpenSSL based solution
On 12/05/2015 20:10, Salz, Rich wrote:
You can't easily have test vectors for DSA signatures since they include a
random. Any test vector would have to include the random, and any API would
have to be able to accept the random as part of the "sign" API.
Verification should be okay.
What Mr. Salz refers to by "Verification should be okay"
is probably this:
You can have test vectors in the form of known good
signatures with public keys listed in the test vector.
For DSA, those would be the (message, y, r, s) quads
mentioned by the OP (y is the public key, (r, s) is the
signature), depending on his class library, it might be
possible to reformat those vectors to the format used
by his code for real messages.
The importance of such test vectors is to detect if an
implementation is accidentally implementing a different
signature algorithm (such as accidentally appending a 0
byte to each message both during signing and
verification). This would not be detected by signing
and verifying sample messages with random parameters.
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users