c - Check if the file is correct using sha1withRsa via openssl functions -

-

hi, have file_data(xml format) , file_signature(asn1 der), , have certificate(x509 asn1 der). want check if file_data correct, have problems. i'm doing:

main idea: company creates file_data, using sha1 gets hash of file_data, , encrypts hash using rsa private key , gets file_signature. company sends me file_data , file_signature , certificate. public key certificate file_signature , decrypt file_signature using public key , hash_1. file_data , use sha1 hash_2. if hash_1 , hash_2 equal, can trust content of file_data, right?

implementation:

  1. load certificate: d2i_x509_fp() function. have certificate.
  2. get public key of certificate: x509_extract_key, have public key.
  3. now want load file_signature decrypt using public key, file_signature has asn1 der format how can load it, function in openssl should use?
  4. suppose read file_signature, must decrypt using public key, there api purpose?
  5. suppose decrypt file_signature , hash_1.
  6. now must load file_data , hash of using sha1 function hash_2, function must use? sha1(), or sha1_init, sha1_update, sha1_finish?
  7. suppose hash_1 , hash_2, how must compare them, using memcmp?
  8. suppose compare them, if equal, can use file_data.

another question file_signature 128 byte len , when decrypt 128 byte hash_1(am rigth) , when hash of file_data hash_2 it's length 20 bytes, how can compare them, or misunderstand something?

thanks help! p.s. sorry english;).

if file_signature of 128 bytes, not asn.1 encoded. 128 bits key length of 1024 bit key (on low side nowadays, check keylength.com). hashes not directly encrypted if rsa used: first wrapped within asn.1 structure, , padded, according pkcs#1 v1.5 (google it).

normally don't perform hashing separately rsa encrypt. libraries openssl contain functions perform verification hash automatically calculated (no doubt openssl_verify()). functions compare you.

note need establish trust public key, otherwise attacker generate random key pair , send different public key attackers signed data. public keys trusted using direct communication beforehand, or using pki infrastructure (certificate chains).


Comments

Post a Comment

Popular posts from this blog

php - What is the difference between $_SERVER['PATH_INFO'] and $_SERVER['ORIG_PATH_INFO']? -

-
what’s difference between $_server['path_info'] , $_server['orig_path_info'] ? how use them? when run print_r($_server) , path_info , orig_path_info not present in array. why not? how can enable them? i have read php manual on them, still don’t understand them. the path_info variable present if invoke php script this: http://www.example.com/phpinfo.php/hello_there it's /hello_there part after .php script. if don't invoke url that, there won't $_server["path_info"] environment variable. the porig_ prefix uncommon. path_info standard cgi-environment variable, , should never prefixed. did read that? (there issues around php3/php4 if invoked php interpreter via cgi-bin/ - hardly has such setups today.) for reference: http://www.ietf.org/rfc/rfc3875
Read more

fortran - Function return type mismatch -

-
i'm attempting recode old c++ program in fortran make use of lapack (i'm aware c++ have lapack++, i'm having lot of trouble installing it, gave up). i didn't have problems compilation, when had variables declared real . when started coding section of program required lapack, found parameters passed dsyev need double precision . tried change double precision (including changing hard coded numbers double precision counterparts, i.e. 0.0 -> 0.0d0) when try compile, following error of functions , subroutines i've written: error: return type mismatch of function <function> @ (1) (real(4)/real(8)) i'm not sure coming from, in program has been changed double precision. for example, i've declared following: double precision :: alpha(3),d(3),zeta1,zeta2 double precision :: a1(3),a2(3),d1(3),d2(3) double precision :: pi pi = 3.14159265359d0 alpha = (/0.109818d0, 0.405771d0, 2.22766d0/) d = (/0.444635d0, 0.535328d0, 0.154329d0 /) 10 i=1,3 ...
Read more

queue - mq_receive: message too long -

-
i implementing communication between 2 processes using queue. problem when call function mq_receive, error: message long. i have done following: struct mq_attr attr; long size = attr.mq_msgsize; .... // initializing queue "/gateway" int rc = mq_receive(gateway, buffer, size, &prio); if print size value, size=1, while when print same size program (got same mechanism), not long integer ( -1217186280 )... how can solve error?....so while size = 1, believe it's right "message long" why 1? p.s. have tried put : int rc = mq_receive(gateway, buffer, sizeof(buffer), &prio); but no result. it seems need read docs more carefully. when call mq_receive should pass size of destination buffer. this size must greater mq_msgsize attribute of queue . in addition, seems have error in queue attributes initialisation makes proper mq_receive call impossible. here standard message queue session: fill mq_attr struct ( doc ): struct mq_a...
Read more