Bastien Auneau

Reputation: 41

verify data signature generated with openssl, using crypto++

I have a server, running under Python, signing a message SHA-256 digest using m2crypto. I use a public and private RSA key generated by the openssl CLI. On the server side everything is OK.
Python code:

privateKey = M2Crypto.RSA.load_key(sys.argv[2])
signedDigest = privateKey.sign(digest, 'sha256')

I double-check that the signature is good:

pubKey = M2Crypto.RSA.load_pub_key("key.pub.pem")
if pubKey.verify(digest, signedDigest, 'sha256'):
    ...  # (etc.)

I store the signed SHA-256 digest in a file and send it with the original message to the client.
On the client side, running under C++ (VC6), I load the signed SHA-256 digest (as binary) and the message that was signed. The aim is now to verify the message together with the signed SHA-256 digest. I have cryptopp statically linked, and I know it works fine, because I can compute SHA-256 and compare it with the SHA-256 from Python, with the same result. Here is the code:

RSA::PublicKey pubKey;
pubKey.Load( FileSource(LicenseControl::pubKeyPath, true));
RSASS< PKCS1v15, SHA >::Verifier verifier(pubKey);
//shaDigest is newly computed sha256, signatureByte is the signature of the message received from the server
result = verifier.VerifyMessage( shaDigest, CryptoPP::SHA256::DIGESTSIZE, signatureByte, 512);

This compiles and runs, but always returns false. To ensure that the signature is valid, I have verified it directly with the openssl CLI (not through the m2crypto Python wrapper):

openssl dgst -sha256 -verify key.pub.pem -signature sign original_file
Verified OK

This confirms that the signed SHA-256 digest is OK, and that it can be used to verify the message successfully using the public key. I am aware of the DER and PEM formats (using PEM for openssl, DER for cryptopp), so I believe the public key is correct. Now my problem is: how do I use the cryptopp library to verify the signature? I have been through the docs, but after days on it, it still looks like Chinese to me. I have tried things like

RSASS< PSSR, SHA >::Verifier verifier(pubKey);

using PSSR to encrypt in the Python code, but no luck... I am now considering only decrypting the signed SHA-256 digest with the public key and comparing it myself to the SHA-256 digest newly computed from the received file. But even something that simple I haven't found in the docs... Any idea how to use the verifier properly?
How do I decrypt using the public key, in case the previous question cannot be solved?

Upvotes: 4

Views: 3188

Answers (1)

Jack Lloyd

Reputation: 8405

Two issues here I think:

First, SHA in RSASS< PKCS1v15, SHA > means SHA-1, not SHA-256. You'd want SHA256 here instead.

Also, VerifyMessage takes the entire message, not just a hash - the hash is computed internally for you. So right now when you're trying to verify the message, you're actually (as far as Crypto++ is concerned) trying to verify SHA-1(SHA-256(msg)), so naturally it fails. Pass the entire actual message instead, skipping your extra SHA-256 computation.

Upvotes: 1
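
An added example, not part of the original posts or of either library: a standard-library Python model of RSASSA-PKCS1-v1_5 showing why the verifier call in the question returns false and what the raw public-key operation recovers. The key is a constructed toy key built from two Mersenne primes (not secure), and all function names are hypothetical.

```python
import hashlib

# Constructed toy key: the Mersenne primes 2**521-1 and 2**607-1. Not secure,
# used only so the example runs with the standard library alone.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def emsa_pkcs1_v15(digest, alg):
    """EM = 00 01 FF..FF 00 || DigestInfo(alg, digest), K bytes long."""
    t = PREFIX[alg] + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_digest(digest, alg):
    """Like the question's privateKey.sign(digest, 'sha256'): input is already hashed."""
    em = int.from_bytes(emsa_pkcs1_v15(digest, alg), "big")
    return pow(em, D, N).to_bytes(K, "big")

def recover_em(signature):
    """The raw public-key operation: returns the padded DigestInfo block."""
    return pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")

def verify_message(message, signature, alg):
    """Models a message verifier: hashes `message` itself, then compares encodings."""
    digest = hashlib.new(alg, message).digest()
    return recover_em(signature) == emsa_pkcs1_v15(digest, alg)

message = b"constructed licence file contents"  # constructed sample input
sha256_digest = hashlib.sha256(message).digest()
signature = sign_digest(sha256_digest, "sha256")

if __name__ == "__main__":
    print(verify_message(message, signature, "sha256"))        # whole message, SHA-256
    print(verify_message(sha256_digest, signature, "sha1"))    # the question's call
    print(verify_message(sha256_digest, signature, "sha256"))  # still double-hashed
    print(recover_em(signature).endswith(sha256_digest))       # manual comparison
```

The recovered block is not the bare digest: it carries the padding and the DigestInfo header naming the hash, so a manual comparison has to check the whole encoding, as `verify_message` does, and not only the trailing digest bytes.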
