santuario-dev mailing list archives

From oepnssl q <opens...@yahoo.com>
Subject Re: [c++] Signature node
Date Tue, 04 Nov 2003 17:08:44 GMT
Thanks,
I tried to use the same private key for verification, but it throws an exception saying: OpenSSL:RSA::verify()-Error
Decrypting signature. It is at the mark "question 2" in the code.
 
My verification always returns false, at the mark "question 1" in the code.
 
Here is my code:
 
OpenSSLCryptoKeyDSA* ReadDSAKey(char *filename, char* password)
{
 OpenSSLCryptoKeyDSA* pDSAKey = NULL;
 EVP_PKEY* pOpenSSLKey = ReadOpenSSLKey(filename, password);
 if (pOpenSSLKey){
  if (pOpenSSLKey->type == EVP_PKEY_DSA) {
   pDSAKey = new OpenSSLCryptoKeyDSA(pOpenSSLKey);
  }
 }
 EVP_PKEY_free(pOpenSSLKey);
 return pDSAKey;
}
DOMNode* SignNode(DOMDocument* pDoc)
{
 XSECProvider prov;
 DSIGSignature *sig;
 DOMElement *sigNode = NULL;
 try{
  sig = prov.newSignature();
  sig->setDSIGNSPrefix(MAKE_UNICODE_STRING("ds"));
  sigNode = (DOMElement*)sig->createBlankSignature(
     pDoc, 
     CANON_C14N_COM, 
     SIGNATURE_RSA, 
     HASH_SHA1);
  DSIGReference * ref = sig->createReference(MAKE_UNICODE_STRING(""));
  ref->appendEnvelopedSignatureTransform();
  m_pRSAKey = ReadRSAKey("MyPrivateKey.pem", "PASSWORD");
  
  sig->setSigningKey(m_pRSAKey->clone());
  sig->sign();
//  sig->verify(); // question 2
 }catch (XSECException &e){
  ...
 }catch (XSECCryptoException &e) {
  ...
 }
 return sigNode;
}
BOOL VerifyNode(DOMDocument* pDoc)
{
 BOOL r = FALSE;
 XSECProvider prov;
 try{
  DSIGSignature * sig = prov.newSignatureFromDOM(pDoc);
  OpenSSLCryptoX509 * x509 = new OpenSSLCryptoX509();
  x509->loadX509Base64Bin(cert, strlen(cert));
  sig->load();
  sig->setSigningKey(OpenSSLKeyIO::ReadCertificate("MyCertificate.pem"));
  r = sig->verify(); // question 1
 }catch (XSECException &e){
 }
 catch (XSECCryptoException &e) {
 }
 return r;
}
int main()
{
 XMLPlatformUtils::Initialize();
 XSECPlatformUtils::Initialise();
 XercesDOMParser* m_pParser = new XercesDOMParser();
 
    m_pParser->setValidationScheme(XercesDOMParser::Val_Auto);
    m_pParser->setDoNamespaces(false);
    m_pParser->setDoSchema(false);
    m_pParser->setValidationSchemaFullChecking(false);
    m_pParser->setCreateEntityReferenceNodes(false);
    m_pParser->parse("MyXmlFile.xml");
 if (m_pParser){
  m_pDoc = m_pParser->getDocument();
  if (m_pDoc){
   DOMNode* pSignNode = SignNode(m_pDoc);
   if (pSignNode){
    ... // add pSignNode to m_pDoc
    bool r = VerifyNode(m_pDoc);
   }
  }
 }
 
 return 0;
}

 

Berin Lautenbach <berin@ozemail.com.au> wrote:
O,

Two questions - have you tried simply verifying using the same private 
key? (That will tell you whether the basic sign has gone wrong 
somewhere or the transfer of the cert has gone wrong.)

Alternatively, can you post a small snippet of code showing what you are 
doing so we can have a look-see?

(BTW - As a warning - am about to disappear again for 4 days, so you might 
not see an answer to the snippet of code until after the weekend.)

Cheers,
Berin


oepnssl q wrote:
> Thank you for your email.
> 
> The sign is now working. But I have difficulty with verification. This is 
> what I did:
> 
> 1) use openssl command line to generate a key file:
> openssl genrsa -des3 -out privkey.pem 2048
> 2) load the key as in example "templatesign" and sign my whole document.
> 3) use openssl command line to generate a certificate file from my key file:
> openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
> 4) open the certificate file with a text editor and copy the content to 
> a string in my program.
> 5) verify the same document just like simpleValidate example.
> 
> But the verification always returns false.
> 
> Help, please.
> 
> Thanks,
> 
> O
> 


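Added example, not part of the original messages: a shell check, using the openssl command line the thread already uses, that separates the two failure causes raised in the reply (the signing itself versus a certificate that does not belong to the key) before any XML code is involved. The KEY_PASSIN variable, the SHA-256 digest, the certificate subject and the generated demo files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). privkey.pem and cacert.pem follow the
# thread's file names; KEY_PASSIN, the CN and the sample data are assumptions.
# KEY_PASSIN uses openssl's pass-phrase syntax, e.g. "file:/path/to/secret".

# Exit 0 when CERT ($2) carries the public half of the private KEY ($1).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin "${KEY_PASSIN:-pass:}" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Exit 0 when a signature made with KEY ($1) verifies under CERT's ($2) public key.
sign_verify_roundtrip() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed sample data\n' > "$tmp/data"
    openssl x509 -in "$2" -noout -pubkey > "$tmp/pub.pem" 2>/dev/null &&
    openssl dgst -sha256 -sign "$1" -passin "${KEY_PASSIN:-pass:}" \
        -out "$tmp/sig" "$tmp/data" 2>/dev/null &&
    openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig" \
        "$tmp/data" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Constructed demo material: a matching key/certificate pair plus an unrelated key.
make_demo_files() {
    dir=$(mktemp -d) || return 2
    openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null &&
    openssl genrsa -out "$dir/other.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$dir/privkey.pem" -out "$dir/cacert.pem" \
        -days 1095 -subj "/CN=constructed-demo-signer" 2>/dev/null &&
    printf '%s\n' "$dir"
}

demo_dir=$(make_demo_files) || { echo "openssl demo setup failed" >&2; exit 1; }
for key in privkey.pem other.pem; do
    if key_matches_cert "$demo_dir/$key" "$demo_dir/cacert.pem"; then
        echo "$key: public key matches cacert.pem"
    else
        echo "$key: public key does NOT match cacert.pem"
    fi
    if sign_verify_roundtrip "$demo_dir/$key" "$demo_dir/cacert.pem"; then
        echo "$key: signature verifies under cacert.pem"
    else
        echo "$key: signature does NOT verify under cacert.pem"
    fi
done
rm -rf "$demo_dir"
```

If both checks pass for the real key and certificate files, the key material is consistent and the remaining suspects are how the certificate string is loaded into the program and how the document is parsed.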