c - Check if the file is correct using sha1withRsa via openssl functions


Hi, I have file_data (XML format), file_signature (ASN.1 DER), and a certificate (X.509 ASN.1 DER). I want to check whether file_data is correct, but I have problems. What I'm doing:

Main idea: a company creates file_data, uses SHA-1 to get the hash of file_data, encrypts this hash using its RSA private key, and gets file_signature. The company then sends me file_data, file_signature and the certificate. I get the public key from the certificate, decrypt file_signature using the public key, and get hash_1. I take file_data and use SHA-1 to get hash_2. If hash_1 and hash_2 are equal, I can trust the content of file_data, right?

Implementation:

  1. Load the certificate: d2i_x509_fp() function. Now I have the certificate.
  2. Get the public key of the certificate: x509_extract_key. Now I have the public key.
  3. Now I want to load file_signature to decrypt it using the public key, but file_signature has ASN.1 DER format. How can I load it, and which function in OpenSSL should I use?
  4. Suppose I have read file_signature; now I must decrypt it using the public key. Is there an API for this purpose?
  5. Suppose I decrypt file_signature and get hash_1.
  6. Now I must load file_data and get its hash using a SHA-1 function to obtain hash_2. Which function must I use? sha1(), or sha1_init, sha1_update, sha1_finish?
  7. Suppose I have hash_1 and hash_2. How must I compare them, using memcmp?
  8. Suppose I compare them; if they are equal, I can use file_data.

Another question: file_signature is 128 bytes long, and when I decrypt it I get a 128-byte hash_1 (am I right?), but when I get the hash of file_data, hash_2, its length is 20 bytes. How can I compare them, or do I misunderstand something?

Thanks for your help! P.S. Sorry for my English ;).

If file_signature is 128 bytes, then it is not ASN.1 encoded. 128 bits is the key length of a 1024 bit key (on the low side nowadays, check keylength.com). Hashes are not directly encrypted if RSA is used: first they are wrapped within an ASN.1 structure, and then padded, according to PKCS#1 v1.5 (google it).

Normally you don't perform the hashing separately from the RSA encryption. Libraries such as OpenSSL contain functions that perform the verification, where the hash is automatically calculated (no doubt openssl_verify()). These functions also do the compare for you.

Note that you need to establish trust in the public key, otherwise an attacker could generate a random key pair and send you a different public key together with the attacker's signed data. Public keys can be trusted using direct communication beforehand, or using a PKI infrastructure (certificate chains).
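What the 128 bytes recovered from file_signature contain under PKCS#1 v1.5, and why they are compared as a whole block rather than as a bare 20-byte hash, shown as an added example (not code from the original post). The function names pkcs1_encode_sha1, pkcs1_check_sha1 and demo_check are hypothetical, and the sample digest and block are constructed; a library verify call performs this check internally.

```c
#include <stddef.h>
#include <string.h>
#define SHA1_LEN 20
/* DER DigestInfo header for SHA-1 (RFC 8017, section 9.2). */
static const unsigned char SHA1_DIGESTINFO[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

/* Build 00 01 FF..FF 00 || DigestInfo || hash into em; -1 if em_len is too small. */
int pkcs1_encode_sha1(const unsigned char *hash, unsigned char *em, size_t em_len)
{
    size_t t_len = sizeof SHA1_DIGESTINFO + SHA1_LEN;   /* 35 bytes */
    if (em_len < t_len + 11)                            /* needs >= 8 bytes of FF */
        return -1;
    size_t ps_len = em_len - t_len - 3;                 /* 90 for a 128-byte block */
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA1_DIGESTINFO, sizeof SHA1_DIGESTINFO);
    memcpy(em + 3 + ps_len + sizeof SHA1_DIGESTINFO, hash, SHA1_LEN);
    return 0;
}

/* 1 if the recovered block equals the expected encoding of hash, else 0.
 * Every byte is compared, so altered padding or trailing data is rejected. */
int pkcs1_check_sha1(const unsigned char *block, size_t len, const unsigned char *hash)
{
    unsigned char expected[512], diff = 0;
    if (len > sizeof expected || pkcs1_encode_sha1(hash, expected, len) != 0)
        return 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(block[i] ^ expected[i]);
    return diff == 0;
}

/* Constructed sample: SHA-1("abc") as hash_2, and a 128-byte block standing in
 * for the output of the RSA public-key operation on file_signature. */
static const unsigned char SAMPLE_HASH[SHA1_LEN] = {
    0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
    0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d };

int demo_check(int corrupt_index)   /* corrupt_index < 0 leaves the block intact */
{
    unsigned char block[128];
    pkcs1_encode_sha1(SAMPLE_HASH, block, sizeof block);
    if (corrupt_index >= 0)
        block[corrupt_index] ^= 0x01;
    return pkcs1_check_sha1(block, sizeof block, SAMPLE_HASH);
}
```

The 20-byte hash occupies only the last 20 bytes of the block; comparing just those with memcmp would accept blocks whose padding or DigestInfo had been altered.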

