On Apr 20, 4:11 pm, Saran <sar...@gmail.com> wrote:
> I am doing the algorithm certs test for RSA Sig(Gen) and Sig(Ver).
>
> The issue I have is..,
>
> When output file created from my Sig(Gen) is injected to my Sig(Ver),
> the "verification" is successful.
>
> But when I inject the sample vectors (from RSA SigVer15.req) gotten
> from NIST site, "verification" of all the vectors fails...
>
> I tried functions like SEC_SignData/VFY_VerifyData and PK11_Sign/
> PK11_Verify... for signing and verification, both result the same way
> as I mentioned above...
>
> What is wrong?
>
> Is it something wrong with the format???  The above functions don't
> support PKCS#1 1.5 format???
>
> Any help will be appreciated...
>
> Thanks!!!


I found the issue...

When I was doing the signing and the verification, I did the hashing
of the message (msg) calling SHAXXX_HashBuf, followed by SEC_SignData
(for signing) and VFY_VerifyData (for verification) with
SEC_OID_PKCS1_SHAXXX_WITH_RSA_ENCRYPTION flag...
The issue is it does a double hash...  it's like Hash( Hash(msg)).  And no
wonder my own generated signatures were passing :)

With the SEC_OID_PKCS1_SHAXXX_WITH_RSA_ENCRYPTION flag, SEC_SignData and
VFY_VerifyData already do the hashing for you with the appropriate
SHA algorithm and you don't need to do it before...

Anyway, thanks for all the help I got for different questions I posted
on this forum....

Cheers :)

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
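
The double-hash effect described in the reply above, as an added Python sketch that is not part of the original thread and is not NSS code. `sign_data` and `verify_data` are hypothetical stand-ins for hash-and-sign calls of the kind the post names, SHA-256 is an assumed choice for "SHAXXX", and the RSA key is a constructed toy key.

```python
import hashlib

# Constructed toy key for illustration only: two Mersenne primes give a
# 1128-bit modulus without key generation. Never use such a key for real data.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes) -> int:
    """Hash msg once and wrap the digest in PKCS#1 v1.5 signature padding."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_data(msg: bytes) -> bytes:
    """Hypothetical hash-and-sign call: the hashing happens inside."""
    return pow(emsa_pkcs1_v15(msg), D, N).to_bytes(K, "big")

def verify_data(msg: bytes, sig: bytes) -> bool:
    """Hypothetical hash-and-verify call: the hashing happens inside."""
    return pow(int.from_bytes(sig, "big"), E, N) == emsa_pkcs1_v15(msg)

def harness_sign(msg: bytes) -> bytes:
    # The mistake: pre-hash, then call an API that hashes again.
    return sign_data(hashlib.sha256(msg).digest())

def harness_verify(msg: bytes, sig: bytes) -> bool:
    # Same mistake on the verify side, so the two errors cancel out.
    return verify_data(hashlib.sha256(msg).digest(), sig)

def run_demo() -> dict:
    msg = b"constructed test message"
    reference_sig = sign_data(msg)  # stands in for an externally produced vector
    return {
        "self_round_trip": harness_verify(msg, harness_sign(msg)),
        "external_vector_buggy": harness_verify(msg, reference_sig),
        "external_vector_fixed": verify_data(msg, reference_sig),
    }

if __name__ == "__main__":
    print(run_demo())
```

A self round trip only proves that the signer and verifier agree with each other, which is why known-answer vectors from an independent source catch this class of error.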
