Re: Computing Hash

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 09/09/04


Date: Thu, 9 Sep 2004 11:39:36 +0200

ASN1 DER format stores numbers in big-endian. CryptVerifySignature takes the
signature in little-endian. ASN1 DER means that it isn't the actual signature,
but an encoded form that at least has the integer tag '02' and the data length
before the big integer in big-endian format. So, you have to strip out all DER
encoding and reverse the signature bytes (the things
CryptVerifyDetachedMessageSignature does for you and what I've told you to do
in my message where I first mentioned CryptVerifySignature).

-Valery.
http://www.harper.no/valery

"Param" <Param@discussions.microsoft.com> wrote in message
news:C10CB511-AE87-4B81-8933-BCF1B88339CD@microsoft.com...
> pbSignature is actual signature in the der format
> and fileLen is the length of the pbSignature.
> from this signature only i got the certificate and publickey
> as u told if the parameters are wrong what extra check i have to perform
>
> the same signature i am able to verify with the
> CryptVerifyDetachedMessageSignature
>
> "Valery Pryamikov" wrote:
>
>> That means that you passed parameters wrong.
>> btw, what fileLen has to do with the length of pbSignature? if you have
>> detached signature, in separate file, it is probably encoded with ASN1 and
>> filelen would not be size of signature, but size of encoded blob
>> including
>> tags, oid and envelope. You have to pass signature only (large integer
>> number) in little-endian format to the CryptVerifySignature. if
>> parameters
>> are passed correctly and signature matches, then api is guaranteed to
>> work.
>>
>> -Valery.
>> http://www.harper.no/valery
>>
>> "Param" <Param@discussions.microsoft.com> wrote in message
>> news:AA0BAAD9-ECDA-47D9-A743-E0485ACFF8D2@microsoft.com...
>> > Hello,
>> > I am getting NTE_BAD_SIGNATURE error in the CryptVerifySignature
>> >
>> > CryptVerifySignature(hHash,
>> > pbSignature,
>> > fileLen,
>> > hPubKey,
>> > NULL,
>> > 0))
>> >
>> >
>> > "Valery Pryamikov" wrote:
>> >
>> >> Just call CryptHashData while you are streaming your data and pass hash
>> >> to
>> >> CryptVerifySignature.
>> >> You only have to make sure that you pass pbSignature in little endian
>> >> format
>> >> (ASN1 encoded format holds it in big-endian, so you just need to
>> >> reverse
>> >> bytes)
>> >>
>> >> -Valery.
>> >> http://www.harper.no/valery
>> >>
>> >> "Param" <Param@discussions.microsoft.com> wrote in message
>> >> news:BAFF8FE3-86F3-4CA4-A3C9-87E0DA0B9970@microsoft.com...
>> >> > nothing
>> >> > i am asking about signature verification
>> >> >
>> >> > "Valery Pryamikov" wrote:
>> >> >
>> >> >> What stops you from calling CryptHashData while you are streaming
>> >> >> your
>> >> >> data?
>> >> >>
>> >> >> -Valery.
>> >> >> http://www.harper.no/valery
>> >> >>
>> >> >> "Param" <Param@discussions.microsoft.com> wrote in message
>> >> >> news:04630EF7-172B-4D8E-A0C0-023A855DCF5D@microsoft.com...
>> >> >> > That means i need to call CryptHashData in a loop until i pass
>> >> >> > the
>> >> >> > last
>> >> >> > chunk
>> >> >> > of data.
>> >> >> > need to set any flag for the last chunk of data.
>> >> >> >
>> >> >> > Actually my requirement is different.
>> >> >> > I need to verify a large file signature.
>> >> >> > I am getting all the details from the detached signature(pkcs7).
>> >> >> > signer
>> >> >> > info
>> >> >> > etc..
>> >> >> > I am not able to check for the data integrity part(hash checking)
>> >> >> > bcs
>> >> >> > of
>> >> >> > the
>> >> >> > huge
>> >> >> > amount of the data .
>> >> >> > Is there any other method for doing so(streaming)
>> >> >> > thanx in adv....
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > "Valery Pryamikov" wrote:
>> >> >> >
>> >> >> >> Hi,
>> >> >> >> you simply create hash with CryptCreateHash, call CryptHashData
>> >> >> >> passing
>> >> >> >> it
>> >> >> >> with chunks of data while you read it and call
>> >> >> >> CryptGetHashParam(...,
>> >> >> >> HP_HASHVAL, ...) to get hash value when you are ready with feeding
>> >> >> >> data
>> >> >> >> in.
>> >> >> >>
>> >> >> >> -Valery.
>> >> >> >> http://www.harper.no/valery
>> >> >> >>
>> >> >> >> "Param" <Param@discussions.microsoft.com> wrote in message
>> >> >> >> news:B3EE380A-F720-41A2-866D-9F201EBBD145@microsoft.com...
>> >> >> >> > Hi,
>> >> >> >> > How do i create hash of a 500MB using CryptoAPI?
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
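
The conversion described in the top message (strip the DER header, then reverse the bytes), as an added example that is not part of the original thread. `der_integer_to_le` and `key_len` are hypothetical names; the code assumes the blob is a single DER INTEGER (tag '02') and that the verifier wants exactly `key_len` bytes (the RSA modulus size), which would then be passed as `pbSignature` and `dwSigLen` to CryptVerifySignature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a CryptoAPI function): unwrap a DER INTEGER and
 * write its value little-endian into out[0..key_len-1], zero-padded at the
 * high end. Returns key_len, or -1 on malformed or oversized input. */
int der_integer_to_le(const uint8_t *der, size_t der_len,
                      uint8_t *out, size_t key_len)
{
    size_t pos = 0, len, i;

    if (der_len < 3 || der[pos++] != 0x02)      /* INTEGER tag '02' */
        return -1;
    len = der[pos++];
    if (len & 0x80) {                           /* long-form length */
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || n > der_len - pos)
            return -1;
        for (len = 0; n > 0; n--)
            len = (len << 8) | der[pos++];
    }
    if (len == 0 || len > der_len - pos)        /* truncated blob */
        return -1;
    while (len > 1 && der[pos] == 0x00) {       /* drop leading zero padding */
        pos++;
        len--;
    }
    if (len > key_len)                          /* wider than the key */
        return -1;
    for (i = 0; i < len; i++)                   /* big-endian -> little-endian */
        out[i] = der[pos + len - 1 - i];
    memset(out + len, 0, key_len - len);        /* restore dropped high zeros */
    return (int)key_len;
}

int main(void)
{
    /* Constructed sample: INTEGER, length 4, sign pad 00, value AB CD EF. */
    const uint8_t der[] = { 0x02, 0x04, 0x00, 0xAB, 0xCD, 0xEF };
    uint8_t le[4];
    int n = der_integer_to_le(der, sizeof der, le, sizeof le);

    for (int i = 0; i < n; i++)
        printf("%02X ", le[i]);
    printf("\n");
    return n == 4 ? 0 : 1;
}
```

Passing the file length as the signature length, as in the quoted call, would include the tag and length bytes that this helper removes.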


