[openssl-users] Verifying RSA-SHA1 signature?

Viktor Dukhovni openssl-users at dukhovni.org
Mon Sep 12 18:16:14 UTC 2016

> On Sep 12, 2016, at 1:26 PM, Nikolay Kudryavtsev <nikolay.kudryavtsev at gmail.com> wrote:
> The canonical representation is just a single string of data. I've tried asking that third party whether they have any line endings at the end when they sign it, but received no usable answer. So the most probable is no line endings. I've tried all 3 options, gonna try again just in case.

While you're at it, what character set?  UTF-8?  UCS-16? ...
Or was the string NUL-terminated, with the NUL included in
the signature?  Sadly there's lot of room for variation.

And are you in fact in possession of the right signature key?

Some folks might even return the signature in little-endian form,
or for that matter the public key.


More information about the openssl-users mailing list