RE: CryptVerifySignature failing with bad_signature error
- From: Bose <Bose@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 28 Jul 2007 01:34:03 -0700
bearshare,
The problem turned out to be with the way the SHA1 hash was being generated
for my file. Once that was fixed, everything worked fine.
Thanks
Bose.
"bearshare" wrote:
Bose, I have the same issue as you; have you found the problem?
Thanks
"Bose" wrote:
Hi All,
I am trying to build a smart card authentication app. I create a context to
the smart card CSP and then obtain the AT_KEYEXCHANGE from the smart card
container. After this I am creating a hash using CryptCreateHash and the
hCryptProvHandle to the container on the smart card. When I retrieve the
hash value, it is correct. (I have verified using openssl and hashcalc tool).
I then try to create a signature of the hash using CryptSignHash. This
results in a signed value.
I then try to do a CryptVerifySignature but it fails with the error bad
signature.
I have verified that the hash data I am providing to CryptVerifySignature is
correct and so is the signature buffer. Could the public key be creating a
problem here?
I am following the general procedure shown in the sample code:
http://msdn2.microsoft.com/En-US/library/aa382371.aspx
Here's a snip of the code:
<snip>
// Get the user exchange key ------
if(!CryptGetUserKey(hCryptProv,
                    AT_KEYEXCHANGE,
                    &hUsrXchgKey))
{
    lReturn = GetLastError();
    printf("Failed CryptgetProvParam ! \n");
}
// get the pubkeyblob
if(!CryptExportKey(
        hUsrXchgKey,
        NULL,
        PUBLICKEYBLOB,
        0,
        NULL,
        &dwBlobLen))
{
    lReturn = GetLastError();
    return -1;
}
if(!(pbKeyBlob = (BYTE*)malloc(dwBlobLen)))
{
    lReturn = GetLastError();
    return -1;
}
if(!CryptExportKey(
        hUsrXchgKey,
        NULL,
        PUBLICKEYBLOB,
        0,
        pbKeyBlob,
        &dwBlobLen))
{
    lReturn = GetLastError();
    return -1;
}
</snip>
.
.
<snip>
// Use CryptSignHash to sign the hash with private key of key exchange pair
// Determine the size of the signature and allocate memory and sign the hash object
if(!CryptSignHash(
        hHash,
        AT_KEYEXCHANGE,
        NULL,
        0,
        NULL,
        &dwSigLen))
{
    lReturn = GetLastError();
    printf("Failed CryptSignHash ! \n");
} //
if(!(pbSignature = (BYTE *)malloc(dwSigLen)))
{
    printf("Failed to allocalte memory\n");
}//
memset(pbSignature,0,dwSigLen);
if(!CryptSignHash(
        hHash,
        AT_KEYEXCHANGE,
        NULL,
        0,
        pbSignature,
        &dwSigLen))
{
    lReturn = GetLastError();
    printf("Failed CryptSignHash ! \n");
} //
// Destroy hash object
if(hHash)
    CryptDestroyHash(hHash);
// Verify signature
hHash_val=NULL;
// get public key of encrypter
if(!CryptImportKey(
        hCryptProv,
        pbKeyBlob,
        dwBlobLen,
        0,
        0,
        &hPubKey))
{
    lReturn = GetLastError();
    return -1;
}
// Create a new hash object.
if(!CryptCreateHash(
        hCryptProv,
        CALG_SHA1,
        0,
        0,
        &hHash_val))
{
    lReturn = GetLastError();
    return -1;
}
// Compute the cryptographic hash of the buffer.
if(!CryptHashData(
        hHash,
        data_buffer,
        data_len,
        0))
{
    lReturn = GetLastError();
    return -1;
}
// Validate the digital signature -- THIS FAILS WITH BAD SIGNATURE
if(!CryptVerifySignature(
        hHash,
        pbSignature,
        dwSigLen,
        hPubKey,
        NULL,
        0))
{
    lReturn = GetLastError();
    return -1;
}
// Destroy hash object
if(hHash)
    CryptDestroyHash(hHash);
</snip>
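
One way to rule out the exported public key when CryptVerifySignature reports a bad signature, as an added example that is not part of the original posts: a portable check that the PUBLICKEYBLOB returned by CryptExportKey is an RSA public key for the AT_KEYEXCHANGE pair and that dwSigLen equals the modulus size. check_pubkey_blob and make_sample_blob are hypothetical helpers, the sample blob is constructed, and the constants repeat the wincrypt.h values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants as defined in wincrypt.h, repeated so this builds without the SDK. */
#define BLOB_PUBLIC   0x06u        /* PUBLICKEYBLOB */
#define BLOB_VERSION  0x02u        /* CUR_BLOB_VERSION */
#define ALG_RSA_KEYX  0x0000A400u  /* CALG_RSA_KEYX, the AT_KEYEXCHANGE pair */
#define ALG_RSA_SIGN  0x00002400u  /* CALG_RSA_SIGN, the AT_SIGNATURE pair */
#define MAGIC_RSA1    0x31415352u  /* "RSA1", marks a public key */
#define HDR_LEN       20u          /* BLOBHEADER (8) + RSAPUBKEY (12) */

static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* 0 = blob is an RSA PUBLICKEYBLOB for expected_alg and sig_len fits its modulus;
 * negative = which check failed. (Hypothetical helper, not a CryptoAPI function.) */
int check_pubkey_blob(const uint8_t *blob, size_t blob_len, uint32_t expected_alg, size_t sig_len) {
    if (blob == NULL || blob_len < HDR_LEN) return -1;
    if (blob[0] != BLOB_PUBLIC || blob[1] != BLOB_VERSION) return -2;
    if (get_le32(blob + 4) != expected_alg) return -3;   /* wrong key pair exported */
    if (get_le32(blob + 8) != MAGIC_RSA1) return -4;
    uint32_t bitlen = get_le32(blob + 12);
    if (bitlen == 0 || bitlen % 8 != 0) return -5;
    if (blob_len - HDR_LEN != bitlen / 8) return -6;     /* blob truncated or over-long */
    if (sig_len != bitlen / 8) return -7;                /* signature not modulus-sized */
    return 0;
}

/* Constructed sample: header for a 512-bit key with a filler modulus, not a real key. */
size_t make_sample_blob(uint8_t *out, uint32_t alg) {
    memset(out, 0, HDR_LEN);
    out[0] = BLOB_PUBLIC; out[1] = BLOB_VERSION;
    put_le32(out + 4, alg);
    put_le32(out + 8, MAGIC_RSA1);
    put_le32(out + 12, 512);      /* bitlen */
    put_le32(out + 16, 65537);    /* pubexp */
    memset(out + HDR_LEN, 0xAB, 64);
    return HDR_LEN + 64;
}

int main(void) {
    uint8_t blob[HDR_LEN + 64];
    size_t n = make_sample_blob(blob, ALG_RSA_KEYX);
    printf("keyx blob, 64-byte sig: %d\n", check_pubkey_blob(blob, n, ALG_RSA_KEYX, 64));
    printf("expecting sign key:     %d\n", check_pubkey_blob(blob, n, ALG_RSA_SIGN, 64));
    return 0;
}
```

In the posted flow the check would be called with pbKeyBlob, dwBlobLen and dwSigLen just before CryptImportKey; a zero result means the key blob is consistent with the signature, so the hash input is the next thing to compare.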