Openssl api for signature verification using digest


Linta Maria


Hi All,

I have started using OpenSSL recently for implementing some cryptographic operations.

Now I want to implement signature verification by taking the signature and hashed data as input, but I am not able to get the proper API.

I have used the code below, but it’s not working. Please help me to get the correct API.

#include <openssl/evp.h>
#include <openssl/rsa.h>

EVP_PKEY_CTX *ctx;
unsigned char *md, *sig;
size_t mdlen, siglen;
EVP_PKEY *verify_key;

/*
 * NB: assumes verify_key, sig, siglen md and mdlen are already set up
 * and that verify_key is an RSA public key
 */
ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
if (!ctx)
     /* Error occurred */

if (EVP_PKEY_verify_init(ctx) <= 0)
     /* Error */

if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
     /* Error */

if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
     /* Error */

/* Perform operation */

ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);

/*
 * ret == 1 indicates success, 0 verify failure and < 0 for some
 * other error.
 */

Best regards,

George Linta Maria


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Openssl api for signature verification using digest

Nicola
Hi!

I would suggest using the newer `EVP_DigestSign` interface.

You could find more documentation about it here: https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying


Best regards, 

Nicola Tuveri 


Re: Openssl api for signature verification using digest

Linta Maria
Thanks Nicola for the updates.
But I need to verify the signature with the hashed data or digest, not with the original message.
Is there any OpenSSL API to implement that?


Re: Openssl api for signature verification using digest

Viktor Dukhovni
[ Please post plain text, not HTML ]

> On Aug 28, 2018, at 7:08 AM, Linta Maria <[hidden email]> wrote:
>
> I have used below code, but it’s not working. Please help me to get the correct API.
>
> /*
>  * NB: assumes verify_key, sig, siglen md and mdlen are already set up
>  * and that verify_key is an RSA public key
>  */

In what form is the message digest?  Is it the raw digest octets,
or some hex or base64 encoding?  In what form is the signature?

> ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */);
> if (!ctx)
>      /* Error occurred */
>
> if (EVP_PKEY_verify_init(ctx) <= 0)
>      /* Error */
>
> if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
>      /* Error */
>
> if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
>      /* Error */

Since you're verifying a hash, do not configure a message
digest.

> /* Perform operation */
>
> ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);

This is the right function for verifying public key
signatures over some input.  For more help, post
the *public* key used, the signature and the input
digest.

You can find similar code in the source code of the
rsautl and pkeyutl commands.

--
        Viktor.
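
An added example, not code from the thread or from the OpenSSL project: it runs the pkeyutl command mentioned above, which calls EVP_PKEY_verify, over a raw SHA-256 digest with and without the signature digest configured. With RSA_PKCS1_PADDING, setting the digest makes verification expect a DigestInfo-wrapped hash inside the signature, while leaving it unset compares the recovered bytes with the input as-is, so the right choice depends on how the signature was produced. The key, message, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; key, message and file names are constructed for the demo.

# verify SIGFILE [PKEYOPT...]: run EVP_PKEY_verify (via pkeyutl) on the raw
# digest in $W/md.bin and print "ok" or "fail".
verify() {
    sig=$1; shift
    if openssl pkeyutl -verify -pubin -inkey "$W/pub.pem" -in "$W/md.bin" \
            -sigfile "$sig" "$@" 2>&1 | grep -q 'Signature Verified Successfully'
    then echo ok; else echo fail; fi
}

digest_verify_matrix() {
    W=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$W/key.pem" 2>/dev/null || return 1
    openssl pkey -in "$W/key.pem" -pubout -out "$W/pub.pem" || return 1
    printf 'constructed sample message' > "$W/msg"

    # The digest as 32 raw octets (not hex, not base64).
    openssl dgst -sha256 -binary "$W/msg" > "$W/md.bin"

    # Signature A: ordinary SHA-256/RSA signature over the message; the padded
    # block holds a DigestInfo structure (hash algorithm OID + digest).
    openssl dgst -sha256 -sign "$W/key.pem" -out "$W/sigA" "$W/msg"
    # Signature B: PKCS#1 v1.5 padding applied to the bare 32 digest octets.
    openssl pkeyutl -sign -inkey "$W/key.pem" -in "$W/md.bin" -out "$W/sigB"

    # "-pkeyopt digest:sha256" corresponds to
    # EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) in the C code.
    echo "A+md=$(verify "$W/sigA" -pkeyopt digest:sha256)" \
         "A-md=$(verify "$W/sigA")" \
         "B+md=$(verify "$W/sigB" -pkeyopt digest:sha256)" \
         "B-md=$(verify "$W/sigB")"
    rm -rf "$W"
}

digest_verify_matrix
```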
