Verifying RSA-SHA1 signature?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 12, 2016, Nikolay Kudryavtsev wrote:

> 
> Whenever I try to verify data signed with my own key, everything
> works. But for that data that I got from a third party nothing
> works. That third party is adamant that the signature is correct and
> it's RSA_SHA1, but they've been unwilling to explain the details on
> how they sign it and what they use to verify.
> 
> So what are the proper way of dealing with this?
> 

You can extract the expected digest using either rsautl or pkeyutl and the
public key. If that fails then there is a problem with either the key or the
format. If you can successfully extract the digest then you can try various
transormations on the input data in an attempt to get the same digest. 

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux