[Help-gnutls] Re: verify signed data [solved]

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: verify signed data [solved]

From:	vsteiss
Subject:	[Help-gnutls] Re: verify signed data [solved]
Date:	Mon, 19 Mar 2007 16:50:19 +0100

> -----Ursprüngliche Nachricht-----
> Von: Simon Josefsson <address@hidden>
> Gesendet: 19.03.07 10:03:57
> An: Volker Steiß <address@hidden>
> CC: address@hidden
> Betreff: Re: verify signed data


> Volker Steiß <address@hidden> writes:
> 
> > Hello everybody,
> >
> > I am on a project using public-private-key methods and just tried using 
> > GnuTLS for this.
> > I am stuck at this point and hope someone can help me out:
> > First I created a public private key (it's long ago, so I cant tell you how 
> > I did it exactly).
> > I have created a signature with gnutls_x509_privkey_sign_data(PRIV_KEY), 
> > converted it to readable text with gnutls_hex_encode() and stored the 
> > result (Data + Signature) into a file.
> > Now I want to verify the created data: I read the data and the signature, 
> > decode the signature with gnutls_hex_decode() and try to verify it with 
> > gnutls_x509_privkey_verify_data(PUB_KEY). But here I get return code 0, 
> > which means no success.
> >
> > Verification overview:
> >>>>> - somecode
> > init_gnutls ()
> > ...
> > gnutls_hex_decode (&temp, signature.data, &signature.size)
> > ...
> > gnutls_x509_privkey_init (&key)
> > gnutls_x509_privkey_import (key, &key_datum, GNUTLS_X509_FMT_PEM)
> > result = gnutls_x509_privkey_verify_data (key, flags, &uid, &signature)
> > //result = 0
> > ...
> > <<<< - end of somecode
> >
> >
> > Btw: What I realize at "gnutls_hex_decode (&temp, signature.data, 
> > &signature.size)" is that temp.size is 512 bytes and signature.size also is 
> > 512. Am I wrong when I say: It should be smaller after decoding?
> 
> Did you check errors from all functions?  Hex decoding a 512 byte
> string should not give another 512 byte string.  Did you allocate a
> signature.data buffer before calling gnutls_hex_decode?
> 
> Btw, if you aren't sure that you must use these functions, you
> probably want to use a higher-layer message signature format instead
> of low-level sign/verify primitives.  Standard formats for this is
> OpenPGP (try GnuPG) and CMS/SMIME (try gpgsm).
> 
> /Simon
> 
Thanks for reply,

I just found out that neither gnutls_hex_decode() nor gnutls_hex_encode() reset 
the result_size.
My work arround for now is to set the size after enoding or decoding to the 
correct value.

Cheers
  Volker

_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] Re: verify signed data [solved], vsteiss <=

Prev by Date: [Help-gnutls] Re: verify signed data
Next by Date: Re: [Help-gnutls] Re: Error making certificate [solved]
Previous by thread: [Help-gnutls] verify signed data
Next by thread: [Help-gnutls] virtual hosting with gnutls-serv?
Index(es):
- Date
- Thread