Problem about correct performance of RSA Sign and Verify code?

Hello
I use of RSA sign and verify code in my program such below:


//sign a message
c_message.GetWindowText(s);
// Output: Signed Message M
byte signature[256];

AutoSeededRandomPool rng;
StringSource privArray(privkey1,privkeysize,true,NULL);
RSASSA_PKCS1v15_SHA_Signer priv(privArray);

// Sign Away...
StringSource((const char *)s.GetString(), true,
         new SignerFilter( rng, priv,
             new  ArraySink(signature,256)
                           )// SignerFilter
                           ); //  StringSource


//Verify signature
string message = "Yoda said, Do or Do Not. There is not try.";
//Verify signature
// Load Public Key
StringSource pubArray(pubkey1,pubsize, true,NULL);
StringSource SignatureArray( signature,priv.SignatureLength(),
         true,NULL);
// Verifier Object
RSASSA_PKCS1v15_SHA_Verifier pub(pubArray);
// Sanity Check
if (SignatureArray.MaxRetrievable() != pub.SignatureLength())
                m_List.AddString(L"Signature Array Size Problem");

 SecByteBlock Signature( pub.SignatureLength() );
 SignatureArray.Get( Signature, Signature.size());
 // Prepare Verifier
 VerifierFilter *verifierFilter =new VerifierFilter(pub);
 verifierFilter->Put(Signature, pub.SignatureLength());
 // Invoke Verifier
 StringSource(message/*(const char *)s.GetString()*/, true,
verifierFilter );
 // Paydirt
 if( false == verifierFilter->GetLastResult() )
        m_List.AddString(L"Signature Verification Failed");
    m_List.AddString(L"Signature Verified");

First of code, I get the message is to be signed in "s" parameter(of
type "CString"), then I place signature value in a byte array named
"signature",…..
If  I use string "s" in verify section, I see correct result in output
("Signature Verified"),
Now, if I change the message in verify section with this one,
( string message = "Yoda said, Do or Do Not. There is not try.";)
I will expect verification failure,because the new message should not
be matched with previous signature,but I see ("Signature Verified")
again!

What's the problem?


Also,I need to zero the public key in part of my program as following:

for(int i=0;i<pubsize;i++)
    pubkey1[i]=0;

And then I get a diagnostic as below:

Unhandled exception at 0x7c812aeb in program.exe: Microsoft C++
exception: CryptoPP::BERDecodeErr at memory location 0x0012dc9c..

in this line:
RSASSA_PKCS1v15_SHA_Verifier pub(pubArray);
Related to " inline void BERDecodeError() {throw BERDecodeErr();" line
of " asn.h" file!

How could I suppress this problem?

And a general problem:
When I use CryptoPP library compiled with Multi-threaded Debug DLL (/
MDd) switch in my project, I get 4 warnings as below:

Crypto++
1>C:\ config.h(434) : warning RC4011: identifier truncated to
'CRYPTOPP_MANUALLY_INSTANTIATE_T'

1>C:\ config.h(448) : warning RC4011: identifier truncated to
'CRYPTOPP_MANUALLY_INSTANTIATE_T'

1>C:\ secblock.h(488) : warning RC4011: identifier truncated to
'_STLP_DONT_SUPPORT_REBIND_MEMBE'

1>C:\ osrng.h(143) : warning RC4011: identifier truncated to
'CRYPTOPP_ENABLE_COMPLIANCE_WITH'

What is the reason of these warnings?

Thanks in Advance.
Gary

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---

> c_message.GetWindowText(s);
I suspect the string is Unicode.

On Jun 6, 5:54 am, Gary <b.rostami...@...> wrote: --~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---

Hi jeff!
Yes, my project is compiled in UNICODE mode;
Now what's problem with this code and what should I do?
Regards.

On Jun 6, 6:32 pm, Jeffrey Walton <noloa...@...> wrote: --~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---

Hi dear Jeff!

I tried "RSASignVer" code which is available in "Wiki" site,it's
character set is non-UNICODE (MultiByte);

I changed "message" string in this code and expected to get
("Signature Verification Failed" )
But I saw ("Signature Verified") again!!

In your opinion,What's this problem's reason?

Regards.
Gary




--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---

Dear Jeff!

I changed the mentioned code as below:

#include "stdafx.h"
#include "rsa.h"
#include "osrng.h"   // PRNG
#include "hex.h"     // Hex Encoder/Decoder
#include "files.h"   // File Source and Sink
#include "filters.h"

int main(int argc, char* argv[])
{
   try
   {
      // Files
      std::string PublicKeyFile = "key.pb";
      std::string SignedFile = "message.sig";

      std::cout << "Public Key File: " << PublicKeyFile.c_str() <<
std::endl;
      std::cout << "Signature File: " << SignedFile.c_str() <<
std::endl;

      // Message M
      std::string message = "Yoda said, Do or Do Not. There is not
try.";

      // Load Public Key
      CryptoPP::FileSource pubFile( PublicKeyFile.c_str(), true,
         new CryptoPP::HexDecoder );

      // Verifier Object
      CryptoPP::RSASSA_PKCS1v15_SHA_Verifier pub(pubFile);

      // Intialize File Source
      CryptoPP::FileSource SignatureFile( SignedFile.c_str(),
         true, new CryptoPP::HexDecoder);

      // Sanity Check
      if (SignatureFile.MaxRetrievable() != pub.SignatureLength())
         { throw std::string( "Signature File Size Problem" ); }

      CryptoPP::SecByteBlock signature( pub.SignatureLength() );
      SignatureFile.Get( signature, signature.size() );

      // Prepare Verifier
      CryptoPP::VerifierFilter *verifierFilter =
         new CryptoPP::VerifierFilter(pub);
      verifierFilter->Put(signature, pub.SignatureLength());

      // Invoke Verifier
     // CryptoPP::StringSource( message, true, verifierFilter );
          CryptoPP::StringSource( message, true, new Redirector
(verifierFilter,PASS_EVERYTHING));

      // Paydirt
          if( false == verifierFilter->GetLastResult() )
         { throw std::string( "Signature Verification Failed" ); }

      std::cout << std::endl << "Signature Verified" << std::endl;

   } // try

   catch( CryptoPP::Exception& e ) {
      std::cerr << "Error: " << e.what() << std::endl;
   }

   catch (...) {
      std::cerr << "Unknown Error" << std::endl;
   }

   return 0;
}


But I get this errors:



Compiling...
RSASignVer.cpp
d:\rsasignver.cpp(64) : error C2061: syntax error : identifier
'Redirector'

d:\rsasignver.cpp(64) : error C2065: 'PASS_EVERYTHING' : undeclared
identifier

d:\rsasignver.cpp(64) : error C2143: syntax error : missing ';' before
')'

d:\rsasignver.cpp(64) : error C2143: syntax error : missing ';' before
')'

RSASignVer - 4 error(s), 0 warning(s)

What's the problem?


How do you change this code to work properly?

Best Regards.
Gary



On Jun 7, 11:53 pm, Gary <b.rostami...@...> wrote: --~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---

namespaces...

On 6/9/09, Gary <b.rostamiyan@...> wrote:
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---