[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RSA sign/verify and hash generation functions
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: RSA sign/verify and hash generation functions |
Date: |
Wed, 08 Dec 2010 23:25:25 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10 |
On 12/08/2010 12:30 AM, Murray S. Kucherawy wrote:
> I got a fair bit further, but I'm stuck now with GnuTLS not generating the
> same signature as OpenSSL under the same circumstances. Anyone that can spot
> what I've missed, please do let me know.
>
> Here's what I'm doing:
>
> gnutls_datum_t rsa_out; /* output signature */
> gnutls_datum_t dd; /* SHA256 digest; size = 20 */
> gnutls_datum_t key; /* private key in PEM form */
> gnutls_x509_privkey_t privkey;
> gnutls_privkey_t rsa_key;
>
> key.data = <buffer containing PEM formatted private key>
> key.len = strlen(key.data);
>
> dd.data = (SHA256 of object to sign);
> dd.size = 20 (size of a SHA256 digest);
Why 20? SHA-1 is 20 bytes. SHA256 is 32 bytes.
> assert(gnutls_privkey_init(&rsa_key) == GNUTLS_E_SUCCESS);
> assert(gnutls_x509_privkey_init(&privkey) == GNUTLS_E_SUCCESS);
> assert(gnutls_x509_privkey_import(privkey, &key, GNUTLS_X509_FMT_PEM) ==
> GNUTLS_E_SUCCESS);
> assert(gnutls_privkey_import_x509(rsa_key, privkey, 0) == GNUTLS_E_SUCCESS);
> assert(gnutls_privkey_sign_hash(rsa_key, &dd, &rsa_out == GNUTLS_E_SUCCESS);
> At this point, comparing "rsa_out" in the GnuTLS case to the OpenSSL case
> reveals that rsa_out.size is the same, but the data in rsa_out.data is not.
> I haven't tried the public key verification code nor the public key
> extraction (In fact I haven't even found that yet).
Do you mean the gnutls_x509_crt_verify_hash()?
Which signing method do you use with openssl? In gnutls we support only
PKCS #1 1.5 signatures (that one required by TLS).
regards,
Nikos
- Re: RSA sign/verify and hash generation functions, Nikos Mavrogiannopoulos, 2010/12/01
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/06
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/07
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/08
- Re: RSA sign/verify and hash generation functions,
Nikos Mavrogiannopoulos <=
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/08
- Re: RSA sign/verify and hash generation functions, Alessandro Vesely, 2010/12/09
- Re: RSA sign/verify and hash generation functions, Nikos Mavrogiannopoulos, 2010/12/09
- Re: RSA sign/verify and hash generation functions, Alessandro Vesely, 2010/12/11
- Re: RSA sign/verify and hash generation functions, Nikos Mavrogiannopoulos, 2010/12/08
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/08
- Re: RSA sign/verify and hash generation functions, Nikos Mavrogiannopoulos, 2010/12/09
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/09
- Re: RSA sign/verify and hash generation functions, Nikos Mavrogiannopoulos, 2010/12/13
- RE: RSA sign/verify and hash generation functions, Murray S. Kucherawy, 2010/12/14