RE: CryptVerifySignature failing with bad_signature error
- From: bearshare <julian@xxxxxxxxxxxxx>
- Date: Fri, 27 Jul 2007 14:50:04 -0700
Bose, I have same issue as you, have you find the problem?
Thanks
"Bose" wrote:
Hi All,.
I am trying to build a smart card authentication app. I create a context to
the smart card CSP and then obtain the AT_KEYEXCHANGE from the smart card
container. After this i am creating a hash using CryptCreateHash and the
hCryptProvHandle to the container on the smart card. When i retreive the
hash value, it is correct. (I have verified using openssl and hashcalc tool).
I then try to create a signature of the hash using CryptSignHash. This
results in a signed value.
I then try to do a cryptverifysignature but it fails with the error bad
signature.
I have verified that the hash data I am providing to CryptVerifySignature is
correct and so is the signature buffer. Could the public key be creating
problem here ?
I am following the general procedure shown in the sample code:
http://msdn2.microsoft.com/En-US/library/aa382371.aspx
Here's a snip of the code:
<snip>
// Get the user exchange key ------
if(!CryptGetUserKey(hCryptProv,
AT_KEYEXCHANGE,
&hUsrXchgKey))
{
lReturn = GetLastError();
printf("Failed CryptgetProvParam ! \n");
}
// get the pubkeyblob
if(!CryptExportKey(
hUsrXchgKey,
NULL,
PUBLICKEYBLOB,
0,
NULL,
&dwBlobLen))
{
lReturn = GetLastError();
return -1;
}
if(!(pbKeyBlob = (BYTE*)malloc(dwBlobLen)))
{
lReturn = GetLastError();
return -1;
}
if(!CryptExportKey(
hUsrXchgKey,
NULL,
PUBLICKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen))
{
lReturn = GetLastError();
return -1;
}
</snip>
.
.
<snip>
// Use CryptSignHash to sign the hash with private key of key exchange pair
// Determine the size of the signature and allocate memory and sign the hash
object
if(!CryptSignHash(
hHash,
AT_KEYEXCHANGE,
NULL,
0,
NULL,
&dwSigLen))
{
lReturn = GetLastError();
printf("Failed CryptSignHash ! \n");
} //
if(!(pbSignature = (BYTE *)malloc(dwSigLen)))
{
printf("Failed to allocalte memory\n");
}//
memset(pbSignature,0,dwSigLen);
if(!CryptSignHash(
hHash,
AT_KEYEXCHANGE,
NULL,
0,
pbSignature,
&dwSigLen))
{
lReturn = GetLastError();
printf("Failed CryptSignHash ! \n");
} //
// Destroy hash object
if(hHash)
CryptDestroyHash(hHash);
// Verify signature
hHash_val=NULL;
// get public key of encrypter
if(!CryptImportKey(
hCryptProv,
pbKeyBlob,
dwBlobLen,
0,
0,
&hPubKey))
{
lReturn = GetLastError();
return -1;
}
// Create a new hash object.
if(!CryptCreateHash(
hCryptProv,
CALG_SHA1,
0,
0,
&hHash_val))
{
lReturn = GetLastError();
return -1;
}
// Compute the cryptographic hash of the buffer.
if(!CryptHashData(
hHash,
data_buffer,
data_len,
0))
{
lReturn = GetLastError();
return -1;
}
// Validate the digital signature -- THIS FAILS WITH BAD SIGNATURE
if(!CryptVerifySignature(
hHash,
pbSignature,
dwSigLen,
hPubKey,
NULL,
0))
{
lReturn = GetLastError();
return -1;
}
// Destroy hash object
if(hHash)
CryptDestroyHash(hHash);
</snip>
- Follow-Ups:
- Prev by Date: Writing a Smart Card Minidriver (on PKCS#11)
- Next by Date: RE: CryptVerifySignature failing with bad_signature error
- Previous by thread: Writing a Smart Card Minidriver (on PKCS#11)
- Next by thread: RE: CryptVerifySignature failing with bad_signature error
- Index(es):
Relevant Pages
|
