Signature Verification

> Hello,
>
> I've been trying to verify the signature from the following xml data:
>
> <license_data><version>1.0</version><serial>EC1000-0900018</serial><mac>00:54:66:18:3A:40</mac><module code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><module code="multimeter"><start>2000-01-01</start><end>2099-12-31</end></module><module code="sulfation"><start>2000-01-01</start><end>2099-12-31</end></module><cookie>AA80A2A7119FD4F1C122080E1AD17490</cookie></license_data>
>
> using this signature:
>
> C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
> p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
> ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
> Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
> SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
> AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
> dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
> njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
> j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=
>
> These two strings above are being sent from a server as one file which I parse into the two separate strings making sure white space has been removed from the xml as that was how it was signed.  The signature was created with RSA & SHA512.
>
> I'm using a C program to verify and have tried numerous attemps with no sucess.  The openssl release is 0.9.8k.  The vars sigDat and xmlDat are the respective strings.  The code is as  follows (some parts left out for simplicity):
>
> fp = fopen (filePubKey, "r");
>
> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
>
> EVP_VerifyInit (&md_ctx, EVP_sha1());
>
> EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
>
> err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
>
> EVP_PKEY_free (pkey);
>
> Any ideas as to what is wrong.  Another part of the project here involves java and the programmer working on that says that he can verify the signature so I know that the data is correct.
>
> Thank You,
>
> Jim Welch
>
>
>
>  

> Hi,
>
> In your description you say that the signature was created with SHA256 but
> in your code you are using SHA-1 through EVP_sha1. Replace this with
> EVP_sha256 to have a correct processing.
> Also, your data seems to be BASE64 encoded and you are computing the
> digest directly on the BASE64 string. You should convert this BASE64
> string to the corresponding byte array and then compute the digest on this
> byte array.
>
> I hope this will help.
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> Jim Welch wrote:
>> Hello,
>>
>> I've been trying to verify the signature from the following xml data:
>>
>> <license_data><version>1.0</version><serial>EC1000-0900018</serial><mac>00:54:66:18:3A:40</mac><module
>> code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><module
>> code="multimeter"><start>2000-01-01</start><end>2099-12-31</end></module><module
>> code="sulfation"><start>2000-01-01</start><end>2099-12-31</end></module><cookie>AA80A2A7119FD4F1C122080E1AD17490</cookie></license_data>
>>
>> using this signature:
>>
>> C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
>> p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
>> ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
>> Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
>> SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
>> AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
>> dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
>> njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
>> j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=
>>
>> These two strings above are being sent from a server as one file which I
>> parse into the two separate strings making sure white space has been
>> removed from the xml as that was how it was signed.  The signature was
>> created with RSA & SHA512.
>>
>> I'm using a C program to verify and have tried numerous attemps with no
>> sucess.  The openssl release is 0.9.8k.  The vars sigDat and xmlDat are
>> the respective strings.  The code is as  follows (some parts left out for
>> simplicity):
>>
>> fp = fopen (filePubKey, "r");
>>
>> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
>>
>> EVP_VerifyInit (&md_ctx, EVP_sha1());
>>
>> EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
>>
>> err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
>>
>> EVP_PKEY_free (pkey);
>>
>> Any ideas as to what is wrong.  Another part of the project here involves
>> java and the programmer working on that says that he can verify the
>> signature so I know that the data is correct.
>>
>> Thank You,
>>
>> Jim Welch
>>
>>
>>
>>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@...
> Automated List Manager                           majordomo@...

> Hi,
>
> Thank you for the response.  It was sha512 not 256.  I changed it to
> EVP_sha512 in the code but it still won't verify.  On the verify
> final, I've tried it both with and without a Base64 converted string
> (and corresponding length).  I'm not sure from what I've read if the
> PEM_read_PUBKEY does a Base64 conversion on the Public Key or not and
> I'm not sure where to look in the pkey to find out.
>
> Jim
>
> ----- Original Message ----- From: "Mounir IDRASSI"
> <mounir.idrassi@...>
> To: <openssl-users@...>
> Sent: Friday, November 06, 2009 3:55 PM
> Subject: Re: Signature Verification
>
>
>> Hi,
>>
>> In your description you say that the signature was created with
>> SHA256 but in your code you are using SHA-1 through EVP_sha1. Replace
>> this with EVP_sha256 to have a correct processing.
>> Also, your data seems to be BASE64 encoded and you are computing the
>> digest directly on the BASE64 string. You should convert this BASE64
>> string to the corresponding byte array and then compute the digest on
>> this byte array.
>>
>> I hope this will help.
>> Cheers,
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>> Jim Welch wrote:
>>> Hello,
>>>
>>> I've been trying to verify the signature from the following xml data:
>>>
>>> <license_data><version>1.0</version><serial>EC1000-0900018</serial><mac>00:54:66:18:3A:40</mac><module
>>> code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>> code="multimeter"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>> code="sulfation"><start>2000-01-01</start><end>2099-12-31</end></module><cookie>AA80A2A7119FD4F1C122080E1AD17490</cookie></license_data>
>>>
>>>
>>> using this signature:
>>>
>>> C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
>>>
>>> p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
>>>
>>> ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
>>>
>>> Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
>>>
>>> SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
>>>
>>> AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
>>>
>>> dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
>>>
>>> njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
>>>
>>> j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=
>>>
>>>
>>> These two strings above are being sent from a server as one file
>>> which I parse into the two separate strings making sure white space
>>> has been removed from the xml as that was how it was signed.  The
>>> signature was created with RSA & SHA512.
>>>
>>> I'm using a C program to verify and have tried numerous attemps with
>>> no sucess.  The openssl release is 0.9.8k.  The vars sigDat and
>>> xmlDat are the respective strings.  The code is as  follows (some
>>> parts left out for simplicity):
>>>
>>> fp = fopen (filePubKey, "r");
>>>
>>> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
>>>
>>> EVP_VerifyInit (&md_ctx, EVP_sha1());
>>>
>>> EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
>>>
>>> err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
>>>
>>> EVP_PKEY_free (pkey);
>>>
>>> Any ideas as to what is wrong.  Another part of the project here
>>> involves java and the programmer working on that says that he can
>>> verify the signature so I know that the data is correct.
>>>
>>> Thank You,
>>>
>>> Jim Welch
>>>
>>>
>>>
>>>
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@...
>> Automated List Manager                           majordomo@...
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@...
> Automated List Manager                           majordomo@...

> Hi,
>
> You must also handle BASE64 decoding in EVP_VerifyUpdate not only
> EVP_VerifyFinal. Those two functions must have as input the byte arrays
> that represent the binary data and the binary signature respectively.
> Concerning PEM_read_PUBKEY, if it returns a non NULL pointer then
> everything is OK with the public key and you don't have to worry.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
>
> Jim Welch wrote:
>> Hi,
>>
>> Thank you for the response.  It was sha512 not 256.  I changed it to
>> EVP_sha512 in the code but it still won't verify.  On the verify final,
>> I've tried it both with and without a Base64 converted string (and
>> corresponding length).  I'm not sure from what I've read if the
>> PEM_read_PUBKEY does a Base64 conversion on the Public Key or not and I'm
>> not sure where to look in the pkey to find out.
>>
>> Jim
>>
>> ----- Original Message ----- From: "Mounir IDRASSI"
>> <mounir.idrassi@...>
>> To: <openssl-users@...>
>> Sent: Friday, November 06, 2009 3:55 PM
>> Subject: Re: Signature Verification
>>
>>
>>> Hi,
>>>
>>> In your description you say that the signature was created with SHA256
>>> but in your code you are using SHA-1 through EVP_sha1. Replace this with
>>> EVP_sha256 to have a correct processing.
>>> Also, your data seems to be BASE64 encoded and you are computing the
>>> digest directly on the BASE64 string. You should convert this BASE64
>>> string to the corresponding byte array and then compute the digest on
>>> this byte array.
>>>
>>> I hope this will help.
>>> Cheers,
>>> --
>>> Mounir IDRASSI
>>> IDRIX
>>> http://www.idrix.fr
>>>
>>> Jim Welch wrote:
>>>> Hello,
>>>>
>>>> I've been trying to verify the signature from the following xml data:
>>>>
>>>> <license_data><version>1.0</version><serial>EC1000-0900018</serial><mac>00:54:66:18:3A:40</mac><module
>>>> code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>>> code="multimeter"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>>> code="sulfation"><start>2000-01-01</start><end>2099-12-31</end></module><cookie>AA80A2A7119FD4F1C122080E1AD17490</cookie></license_data>
>>>>
>>>> using this signature:
>>>>
>>>> C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
>>>> p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
>>>> ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
>>>> Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
>>>> SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
>>>> AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
>>>> dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
>>>> njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
>>>> j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=
>>>>
>>>> These two strings above are being sent from a server as one file which
>>>> I parse into the two separate strings making sure white space has been
>>>> removed from the xml as that was how it was signed.  The signature was
>>>> created with RSA & SHA512.
>>>>
>>>> I'm using a C program to verify and have tried numerous attemps with no
>>>> sucess.  The openssl release is 0.9.8k.  The vars sigDat and xmlDat are
>>>> the respective strings.  The code is as  follows (some parts left out
>>>> for simplicity):
>>>>
>>>> fp = fopen (filePubKey, "r");
>>>>
>>>> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
>>>>
>>>> EVP_VerifyInit (&md_ctx, EVP_sha1());
>>>>
>>>> EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
>>>>
>>>> err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
>>>>
>>>> EVP_PKEY_free (pkey);
>>>>
>>>> Any ideas as to what is wrong.  Another part of the project here
>>>> involves java and the programmer working on that says that he can
>>>> verify the signature so I know that the data is correct.
>>>>
>>>> Thank You,
>>>>
>>>> Jim Welch
>>>>
>>>>
>>>>
>>>>
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@...
>>> Automated List Manager                           majordomo@...
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@...
>> Automated List Manager                           majordomo@...
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@...
> Automated List Manager                           majordomo@...

> Hello Again,
>
> The code is there to check for a non-null pkey.  It wasn't copied to
> keep the original message shorter.  I've now made sure that I've
> Base64'd the xml string and Base64'd the signature string.  These are
> what I'm giving to the EVP_VerifyUpdate and EVP_VerifyFinal.  Still
> not verifying.
>
> Thanks Again,
>
> Jim
> ----- Original Message ----- From: "Mounir IDRASSI"
> <mounir.idrassi@...>
> To: <openssl-users@...>
> Sent: Friday, November 06, 2009 5:11 PM
> Subject: Re: Signature Verification
>
>
>> Hi,
>>
>> You must also handle BASE64 decoding in EVP_VerifyUpdate not only
>> EVP_VerifyFinal. Those two functions must have as input the byte
>> arrays that represent the binary data and the binary signature
>> respectively.
>> Concerning PEM_read_PUBKEY, if it returns a non NULL pointer then
>> everything is OK with the public key and you don't have to worry.
>>
>> Cheers,
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>>
>> Jim Welch wrote:
>>> Hi,
>>>
>>> Thank you for the response.  It was sha512 not 256.  I changed it to
>>> EVP_sha512 in the code but it still won't verify.  On the verify
>>> final, I've tried it both with and without a Base64 converted string
>>> (and corresponding length).  I'm not sure from what I've read if the
>>> PEM_read_PUBKEY does a Base64 conversion on the Public Key or not
>>> and I'm not sure where to look in the pkey to find out.
>>>
>>> Jim
>>>
>>> ----- Original Message ----- From: "Mounir IDRASSI"
>>> <mounir.idrassi@...>
>>> To: <openssl-users@...>
>>> Sent: Friday, November 06, 2009 3:55 PM
>>> Subject: Re: Signature Verification
>>>
>>>
>>>> Hi,
>>>>
>>>> In your description you say that the signature was created with
>>>> SHA256 but in your code you are using SHA-1 through EVP_sha1.
>>>> Replace this with EVP_sha256 to have a correct processing.
>>>> Also, your data seems to be BASE64 encoded and you are computing
>>>> the digest directly on the BASE64 string. You should convert this
>>>> BASE64 string to the corresponding byte array and then compute the
>>>> digest on this byte array.
>>>>
>>>> I hope this will help.
>>>> Cheers,
>>>> --
>>>> Mounir IDRASSI
>>>> IDRIX
>>>> http://www.idrix.fr
>>>>
>>>> Jim Welch wrote:
>>>>> Hello,
>>>>>
>>>>> I've been trying to verify the signature from the following xml data:
>>>>>
>>>>> <license_data><version>1.0</version><serial>EC1000-0900018</serial><mac>00:54:66:18:3A:40</mac><module
>>>>> code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>>>> code="multimeter"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>>>> code="sulfation"><start>2000-01-01</start><end>2099-12-31</end></module><cookie>AA80A2A7119FD4F1C122080E1AD17490</cookie></license_data>
>>>>>
>>>>>
>>>>> using this signature:
>>>>>
>>>>> C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
>>>>>
>>>>> p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
>>>>>
>>>>> ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
>>>>>
>>>>> Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
>>>>>
>>>>> SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
>>>>>
>>>>> AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
>>>>>
>>>>> dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
>>>>>
>>>>> njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
>>>>>
>>>>> j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=
>>>>>
>>>>>
>>>>> These two strings above are being sent from a server as one file
>>>>> which I parse into the two separate strings making sure white
>>>>> space has been removed from the xml as that was how it was
>>>>> signed.  The signature was created with RSA & SHA512.
>>>>>
>>>>> I'm using a C program to verify and have tried numerous attemps
>>>>> with no sucess.  The openssl release is 0.9.8k.  The vars sigDat
>>>>> and xmlDat are the respective strings.  The code is as  follows
>>>>> (some parts left out for simplicity):
>>>>>
>>>>> fp = fopen (filePubKey, "r");
>>>>>
>>>>> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
>>>>>
>>>>> EVP_VerifyInit (&md_ctx, EVP_sha1());
>>>>>
>>>>> EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
>>>>>
>>>>> err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
>>>>>
>>>>> EVP_PKEY_free (pkey);
>>>>>
>>>>> Any ideas as to what is wrong.  Another part of the project here
>>>>> involves java and the programmer working on that says that he can
>>>>> verify the signature so I know that the data is correct.
>>>>>
>>>>> Thank You,
>>>>>
>>>>> Jim Welch
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> ______________________________________________________________________
>>>> OpenSSL Project                                 http://www.openssl.org
>>>> User Support Mailing List                    openssl-users@...
>>>> Automated List Manager                           majordomo@...
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@...
>>> Automated List Manager                           majordomo@...
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@...
>> Automated List Manager                           majordomo@...
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@...
> Automated List Manager                           majordomo@...

> Hi,
>
> In order to help you further, can you post :
>   - The data to be hashed which is the content of your variable xmlDat
>   - The signature to be verified which is the content of your variable
> sigDat (maybe it's what you posted first)
>   - The public key that will be used for the verification
>   - The endianess of the the signature. It should be big endian as
> expected by OpenSSL
>
> And just one last confirmation : In your first email, you posted some
> BASE64 data that you say is the signature. This data is 512 bytes long. So
> this would mean that the key used is a 4096 bit RSA key. Is this correct?
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> Jim Welch wrote:
>> Hello Again,
>>
>> The code is there to check for a non-null pkey.  It wasn't copied to keep
>> the original message shorter.  I've now made sure that I've Base64'd the
>> xml string and Base64'd the signature string.  These are what I'm giving
>> to the EVP_VerifyUpdate and EVP_VerifyFinal.  Still not verifying.
>>
>> Thanks Again,
>>
>> Jim
>> ----- Original Message ----- From: "Mounir IDRASSI"
>> <mounir.idrassi@...>
>> To: <openssl-users@...>
>> Sent: Friday, November 06, 2009 5:11 PM
>> Subject: Re: Signature Verification
>>
>>
>>> Hi,
>>>
>>> You must also handle BASE64 decoding in EVP_VerifyUpdate not only
>>> EVP_VerifyFinal. Those two functions must have as input the byte arrays
>>> that represent the binary data and the binary signature respectively.
>>> Concerning PEM_read_PUBKEY, if it returns a non NULL pointer then
>>> everything is OK with the public key and you don't have to worry.
>>>
>>> Cheers,
>>> --
>>> Mounir IDRASSI
>>> IDRIX
>>> http://www.idrix.fr
>>>
>>>
>>> Jim Welch wrote:
>>>> Hi,
>>>>
>>>> Thank you for the response.  It was sha512 not 256.  I changed it to
>>>> EVP_sha512 in the code but it still won't verify.  On the verify final,
>>>> I've tried it both with and without a Base64 converted string (and
>>>> corresponding length).  I'm not sure from what I've read if the
>>>> PEM_read_PUBKEY does a Base64 conversion on the Public Key or not and
>>>> I'm not sure where to look in the pkey to find out.
>>>>
>>>> Jim
>>>>
>>>> ----- Original Message ----- From: "Mounir IDRASSI"
>>>> <mounir.idrassi@...>
>>>> To: <openssl-users@...>
>>>> Sent: Friday, November 06, 2009 3:55 PM
>>>> Subject: Re: Signature Verification
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> In your description you say that the signature was created with SHA256
>>>>> but in your code you are using SHA-1 through EVP_sha1. Replace this
>>>>> with EVP_sha256 to have a correct processing.
>>>>> Also, your data seems to be BASE64 encoded and you are computing the
>>>>> digest directly on the BASE64 string. You should convert this BASE64
>>>>> string to the corresponding byte array and then compute the digest on
>>>>> this byte array.
>>>>>
>>>>> I hope this will help.
>>>>> Cheers,
>>>>> --
>>>>> Mounir IDRASSI
>>>>> IDRIX
>>>>> http://www.idrix.fr
>>>>>
>>>>> Jim Welch wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I've been trying to verify the signature from the following xml data:
>>>>>>
>>>>>> <license_data><version>1.0</version><serial>EC1000-0900018</serial><mac>00:54:66:18:3A:40</mac><module
>>>>>> code="impedance"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>>>>> code="multimeter"><start>2000-01-01</start><end>2099-12-31</end></module><module
>>>>>> code="sulfation"><start>2000-01-01</start><end>2099-12-31</end></module><cookie>AA80A2A7119FD4F1C122080E1AD17490</cookie></license_data>
>>>>>>
>>>>>> using this signature:
>>>>>>
>>>>>> C4S953HqB8S/SZ8nOO5IgGA0Vm3BxHT8vByWJFG2gn/OrBKc45QvjEdX855bb9p8KdSa1YQt3nnv
>>>>>> p6MCA+5YCDePEIuYpbTYzAIJ9p7zqpJsXzb8YlDpw4qpf0TSbCCEFZZReSRSAxlE2gH/SOvPAjRY
>>>>>> ykvxbjrgMQ07Jf/ae4lX+CaBxA/Az8efhsBDyT6wCPECkj1SiufTtVA2MAt9Bf76Y1T5RnHph/kf
>>>>>> Hj3/osgrMKKbIPhii2nPktMH223QfgmTOtHxw21ahi2vcSnADb9p1WIjDiq/gLk0uisT/p0g4MZb
>>>>>> SKNOct3MRqgv64wtyUD+W/+8/yGQK+/IXNIhgKoKsvuwR242c7RpF+HdVZRrfeIQMnUAAo/7q+rS
>>>>>> AzRJO7L7xoXYvFOmVxvjRZP8Rhw445N6bnLwLxANFNvyoo5ykGdocBUEBMD5sC3TipYUti39mso2
>>>>>> dsqSMwtRhPDw9dzf6evwG3+Qo0ewLVap3pNu8XzBrXxCM6pv7IydmekiHvSF6OFrt/rPUA2pXyuU
>>>>>> njhD/twe0+n5fLlSTZ6w/D898e/blvFUroQbmaI8Rr7AE9fZY0KJBuc73YgPTXOnm4Iqc/5vMwId
>>>>>> j27g+JGWEzjyAtNIBo9Su0/9LE1IVPyZgAjquBEmKEAcQQjnW4D8kj2mllJLRwI00e1TAwE9Klo=
>>>>>>
>>>>>> These two strings above are being sent from a server as one file
>>>>>> which I parse into the two separate strings making sure white space
>>>>>> has been removed from the xml as that was how it was signed.  The
>>>>>> signature was created with RSA & SHA512.
>>>>>>
>>>>>> I'm using a C program to verify and have tried numerous attemps with
>>>>>> no sucess.  The openssl release is 0.9.8k.  The vars sigDat and
>>>>>> xmlDat are the respective strings.  The code is as  follows (some
>>>>>> parts left out for simplicity):
>>>>>>
>>>>>> fp = fopen (filePubKey, "r");
>>>>>>
>>>>>> pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
>>>>>>
>>>>>> EVP_VerifyInit (&md_ctx, EVP_sha1());
>>>>>>
>>>>>> EVP_VerifyUpdate (&md_ctx, xmlDat, strlen(xmlDat));
>>>>>>
>>>>>> err = EVP_VerifyFinal (&md_ctx, sigDat, strlen(sigDat), pkey);
>>>>>>
>>>>>> EVP_PKEY_free (pkey);
>>>>>>
>>>>>> Any ideas as to what is wrong.  Another part of the project here
>>>>>> involves java and the programmer working on that says that he can
>>>>>> verify the signature so I know that the data is correct.
>>>>>>
>>>>>> Thank You,
>>>>>>
>>>>>> Jim Welch
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ______________________________________________________________________
>>>>> OpenSSL Project                                 http://www.openssl.org
>>>>> User Support Mailing List                    openssl-users@...
>>>>> Automated List Manager                           majordomo@...
>>>>
>>>> ______________________________________________________________________
>>>> OpenSSL Project                                 http://www.openssl.org
>>>> User Support Mailing List                    openssl-users@...
>>>> Automated List Manager                           majordomo@...
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@...
>>> Automated List Manager                           majordomo@...
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@...
>> Automated List Manager                           majordomo@...
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@...
> Automated List Manager                           majordomo@...