Last active November 18, 2020 15:37
OpenSSL verify RSA signature, read RSA public key from X509 PEM certificate
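```c
#include <stdio.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

/* Note: RSA_verify() treats originalMessage as the message digest for the
 * given NID (here the 16-byte MD5 digest), not as the raw message. */
void verifyRSASignature(unsigned char *originalMessage, unsigned int om_length,
                        unsigned char *signature, unsigned siglen)
{
    int result = 0;
    FILE *file;
    X509 *x509 = NULL;
    EVP_PKEY *evp_pubkey = NULL;
    RSA *rsa_pubkey = NULL;

    /* Read the signer's certificate and extract its RSA public key. */
    file = fopen("developer_signer.pem", "r");
    if (file == NULL) {
        perror("developer_signer.pem");
        return;
    }
    x509 = PEM_read_X509(file, NULL, NULL, NULL);
    fclose(file);
    if (x509 != NULL)
        evp_pubkey = X509_get_pubkey(x509);
    if (evp_pubkey != NULL)
        rsa_pubkey = EVP_PKEY_get1_RSA(evp_pubkey);

    /* An unreadable certificate or a non-RSA key is reported as invalid. */
    if (rsa_pubkey != NULL)
        result = RSA_verify(NID_md5, originalMessage, om_length,
                            signature, siglen, rsa_pubkey);
    printf("Signature is %s\n", result == 1 ? "valid" : "invalid");

    /* The OpenSSL free functions accept NULL. */
    RSA_free(rsa_pubkey);
    EVP_PKEY_free(evp_pubkey);
    X509_free(x509);
}
```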
Yep, you're right.
On Tue, Aug 20, 2019 at 1:18 AM paxter ***@***.***> wrote:
> This function is wrong. originalMessage has to be the message digest.
> Check out the manpage:
> https://www.openssl.org/docs/man1.1.1/man3/RSA_verify.html
--
Regards.
Afa.L Cheng
This function is wrong. `originalMessage` has to be the message digest. Check out the manpage: https://www.openssl.org/docs/man1.1.1/man3/RSA_verify.html