CryptoAPI: How to verify a DSA signature from OpenSSL or Java using CryptVerifySignature -
I was able to verify an OpenSSL-generated DSA signature using the Microsoft CryptoAPI.
Consider that you have the following inputs:
- an existing dsa public key:
- the data to be verified
- a binary signature
The signature has been converted from base64 to a series of 48 bytes.
Without prior knowledge of CryptoAPI, this was more difficult than it should be.
The major stumbling blocks were:
- Decoding the X.509 DSA public key using CryptStringToBinaryA and CryptDecodeObjectEx
- Converting the DSA signature format:
- OpenSSL's DSA_sign produces a DSA signature in ASN.1 DER format
- CryptoAPI's CryptVerifySignature expects the DSA signature in P1363 format
Here's a rough sample of how I solved the problem:
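/*
 * Base64 of the signer's DER-encoded X.509 SubjectPublicKeyInfo (DSA).
 *
 * NOTE(review): the literal below is reproduced as it appears on the page.
 * Its middle section is elided there, and the text appears to have been
 * case-folded, which corrupts base64. Treat it as a placeholder and
 * substitute the complete key before use.
 */
const char* pubkey =
    "miibtjccassgbyqgsm44baewggeeaogbanw/k8nyrektrmvishnjtsawxf33hau4"
    /* ..... remainder of the key is elided on the page ..... */
    "/fegaibbop31rjq9ufaj2t06en0t0b+dp1hjz/mfpgtpoxhqf3dqndra3ot1fstp";

/*
 * Verify a DER-encoded DSA signature (as produced by OpenSSL's DSA_sign)
 * over msgdata, using the public key embedded in `pubkey`.
 *
 * msgdata / msglength          bytes that were signed
 * signature / signaturelength  ASN.1 DER signature bytes
 *
 * Returns true only if every step succeeds and CryptVerifySignature accepts
 * the signature. Any failure along the way returns false (fail closed).
 */
bool verify(const unsigned char* msgdata, unsigned int msglength, const unsigned char* signature, unsigned int signaturelength)
{
    /* All locals are declared up front so the cleanup gotos never jump over
     * an initialisation (keeps the function valid as C and as C++). */
    bool result = false;
    HCRYPTPROV hCryptProv = 0;
    HCRYPTKEY hPubKey = 0;
    HCRYPTHASH hHash = 0;
    unsigned char derPubKey[2048];
    DWORD derPubKeyLen = (DWORD)sizeof derPubKey;
    CERT_PUBLIC_KEY_INFO *publicKeyInfo = NULL;
    DWORD publicKeyInfoLen = 0;
    BYTE *dsaSignature = NULL;
    DWORD dsaSignatureLen = 0;

    /* Reject obviously unusable input before touching the provider. */
    if (signature == NULL || signaturelength == 0 ||
        (msgdata == NULL && msglength != 0)) {
        return false;
    }

    /* CRYPT_VERIFYCONTEXT: no private-key container is required just to
     * verify a signature. */
    if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT)) {
        return false;
    }

    /* Step 1: base64 -> DER. The output is bounded by derPubKeyLen. */
    if (!CryptStringToBinaryA(pubkey, (DWORD)strlen(pubkey), CRYPT_STRING_BASE64,
                              derPubKey, &derPubKeyLen, NULL, NULL)) {
        goto cleanup;
    }

    /* Step 2: DER -> CERT_PUBLIC_KEY_INFO. CRYPT_DECODE_ALLOC_FLAG is the
     * decode-side allocation flag; the result is released with LocalFree. */
    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO,
                             derPubKey, derPubKeyLen, CRYPT_DECODE_ALLOC_FLAG,
                             NULL, &publicKeyInfo, &publicKeyInfoLen)) {
        goto cleanup;
    }

    if (!CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING, publicKeyInfo, &hPubKey)) {
        goto cleanup;
    }

    /* NOTE(review): SHA-1 is what the page's sample uses; it is deprecated
     * for new signature schemes, so confirm that it matches what the signer
     * actually hashed with. */
    if (!CryptCreateHash(hCryptProv, CALG_SHA1, 0, 0, &hHash)) {
        goto cleanup;
    }

    /* The return value must be checked: if hashing fails, the signature would
     * otherwise be verified against a hash that does not cover the message. */
    if (!CryptHashData(hHash, msgdata, msglength, 0)) {
        goto cleanup;
    }

    /* Step 3: convert the ASN.1 DER signature into the fixed-size form that
     * CryptVerifySignature expects. Malformed DER fails here. */
    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_DSS_SIGNATURE,
                             signature, signaturelength, CRYPT_DECODE_ALLOC_FLAG,
                             NULL, &dsaSignature, &dsaSignatureLen)) {
        goto cleanup;
    }

    if (CryptVerifySignature(hHash, dsaSignature, dsaSignatureLen, hPubKey, NULL, 0)) {
        result = true;
    }

cleanup:
    /* LocalFree(NULL) is a no-op; handles are destroyed only if created. */
    LocalFree(dsaSignature);
    if (hHash) {
        CryptDestroyHash(hHash);
    }
    if (hPubKey) {
        CryptDestroyKey(hPubKey);
    }
    LocalFree(publicKeyInfo);
    CryptReleaseContext(hCryptProv, 0);
    return result;
}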