Answer the question
In order to leave comments, you need to log in
T
T
Tesla4o2019-05-31 14:19:13
Tesla4o, 2019-05-31 14:19:13
Why can't I verify a C++ signature made in Python?
I create public private keys in Python, after which I sign a private string, send a signature hex and a public key over the network, on the other side I check with C ++ code or Openssl / RSA_verify. And writes that the signature is not valid. I tried on the pluses to make the signature the same private and the same line, then the hex from the signature is generally different. I understand the algorithms are different for different lib / languages?
Here is how I create keys in Python:
public, private = rsa.newkeys(len_key)
pub = public.save_pkcs1()
pri = private.save_pkcs1()I'm making a signature
signatur = rsa.sign(data, rsa.PrivateKey.load_pkcs1(privateKey), 'SHA-512')I check on the pluses:
RSA_verify(NID_sha512, (const unsigned char*) text.c_str(), text.length(), (const unsigned char*) sign.c_str(), sign.length(), publicRSA);I tried to use pyOpenSSL in Python, but it did not help.
Who will tell you what? what's the bug?
2 answer(s)
@Tesla4o
@Zarom
S
SerJook, 2019-05-31 @Tesla4o
Because the RSA_verify input should be a hash of the data, not the data itself.
std::string text = "hello world";
SHA512_CTX sha_ctx = { 0 };
unsigned char digest[SHA512_DIGEST_LENGTH];
SHA512_Init(&sha_ctx);
SHA512_Update(&sha_ctx, text.data(), text.length());
SHA512_Final(digest, &sha_ctx);
if (RSA_verify(NID_sha512, digest, SHA512_DIGEST_LENGTH, (const unsigned char*)sign.data(), sign.length(), publicRSA) == 1) {
// Успех
}D
Dmitry Shitskov, 2019-05-31 @Zarom
It seems to me that there is a jamb in these constructions
A line in C ends with a \0 character
Before passing these parameters, trim 1 last character, or try specifying the length as text.length()-1
Similar questions
M
A
M
Z
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question