On Sep 7, 1:34 pm, Nelson B Bolyard <nel...@bolyard.me> wrote:
> On 2010-09-06 08:17 PDT, Xavier Toth wrote:
>
> > I'm trying to verify the signature of a file I've signed but I don't
> > understand where to get the sigAlgorithm and hash to pass to
> > VFY_CreateContextWithAlgorithmID.
>
> I presume you've read the description of these parameters
> in http://mxr.mozilla.org/security/source/security/nss/lib/cryptohi/cryp...
>
> In particular, note that the description tells us that the "hash" argument
> is "optional" (meaning that you can pass NULL as the argument value for this
> parameter) and that when present, it is the address into which the function
> returns (outputs) the type of hash that it found within the signature
> itself. Not all types of signatures embed that information,
> and for them, the hash info must be input, using one of the other variants
> of this function.
>
> > I've googled looking for some sample code using the VFY_ apis to verify
> > signatures but I haven't found anything that I could build off of.
>
> http://mxr.mozilla.org/security/search?string=VFY_CreateContext
> reveals that there are 3 variants of VFY_CreateContext, including
> VFY_CreateContextDirect and VFY_CreateContextWithAlgorithmID.
>
> It also reveals that, within the Mozilla code that uses NSS, there
> are NO callers of VFY_CreateContextDirect, and only one caller of
> VFY_CreateContextWithAlgorithmID. All the rest use the original
> VFY_CreateContext function. Still, I think that one example ought to
> suffice.
>
> > Shouldn't I be able to get these from the public key and/or signature
> > itself?
>
> Some public keys support multiple types of signature algorithms. You must
> tell the VFY function which of the signature algorithms to use. Many
> (most?) of the "standard" signature formats record that information
> explicitly in the form of an OID, but some do not.
>
> --
> /Nelson Bolyard

I appreciate your response; however, I must say that the one example is pretty useless (possibly because this is my first time working with NSS). I've hacked up something to try, but I've now encountered a compilation error that I don't understand. Has anyone else seen this?

The source includes:

#include "nss.h"
#include "cert.h"
#include "key.h"
#include "sechash.h"
#include "cryptohi.h"

make[1]: Entering directory `/home/tedx/sidecar/cds-sidecar-library/common/src'
cc -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -g3 -O0 -gdwarf-2 -fno-strict-aliasing -I. -I../include -D_GNU_SOURCE -I/usr/include/nss3 -I/usr/include/nspr4 `xml2-config --cflags` -fprofile-arcs -ftest-coverage -fPIC -c -o nss_signing.o nss_signing.c
nss_signing.c: In function ‘spl_nssVerifySignature’:
nss_signing.c:172: error: storage size of ‘vfy_context’ isn’t known
cc1: warnings being treated as errors
nss_signing.c:172: error: unused variable ‘vfy_context’
make[1]: *** [nss_signing.o] Error 1
make[1]: Leaving directory `/home/tedx/sidecar/cds-sidecar-library/common/src'
make: *** [all] Error 1

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
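
An added illustration, not code from the thread or from NSS: gcc reports "storage size of 'vfy_context' isn't known" when a variable of an incomplete (opaque) type is declared by value, and NSS exposes VFYContext only as a forward-declared struct, so callers hold the VFYContext * returned by a VFY_CreateContext variant. The demo_* names and the byte-sum check below are hypothetical stand-ins so the file compiles without NSS, and it is an assumption that line 172 declares the context by value.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-in for an opaque library type. Callers see only this forward
 * declaration, the way NSS callers see only the name VFYContext.
 * Every demo_* name is hypothetical; the check is a toy byte sum. */
typedef struct DemoVfyStr DemoVfy;

DemoVfy *demo_create(unsigned expected, int *hash_out); /* cf. VFY_CreateContextWithAlgorithmID */
int demo_update(DemoVfy *cx, const unsigned char *buf, size_t len); /* cf. VFY_Update */
int demo_end(DemoVfy *cx);      /* cf. VFY_End: 0 = match, -1 = mismatch */
void demo_destroy(DemoVfy *cx); /* cf. VFY_DestroyContext */

/* Caller side: the struct layout is not visible at this point. */
int verify_buffer(const unsigned char *buf, size_t len, unsigned expected)
{
    /* DemoVfy cx;  <- rejected: "storage size of 'cx' isn't known" */
    DemoVfy *cx = demo_create(expected, NULL); /* optional out-param omitted */
    int rv;
    if (cx == NULL)
        return -1;
    rv = demo_update(cx, buf, len);
    if (rv == 0)
        rv = demo_end(cx);
    demo_destroy(cx); /* the library allocated it, the library frees it */
    return rv;
}

/* Library side: the only place that knows the layout. */
struct DemoVfyStr { unsigned expected; unsigned sum; };

DemoVfy *demo_create(unsigned expected, int *hash_out)
{
    DemoVfy *cx = calloc(1, sizeof *cx);
    if (cx == NULL) return NULL;
    cx->expected = expected;
    if (hash_out != NULL) *hash_out = 1; /* constructed id reported to caller */
    return cx;
}

int demo_update(DemoVfy *cx, const unsigned char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        cx->sum += buf[i];
    return 0;
}
int demo_end(DemoVfy *cx) { return cx->sum == cx->expected ? 0 : -1; }
void demo_destroy(DemoVfy *cx) { free(cx); }
```

Uncommenting the by-value declaration in verify_buffer reproduces the same class of error, because the struct body appears only after the caller.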