Problem with gcry_pk_verify
Jean-Philippe Garcia Ballester
giga at le-pec.org
Sat Aug 13 16:05:06 CEST 2005
On Thu, Aug 11, 2005 at 09:57:14PM +0200, Moritz Schulte wrote :
> Jean-Philippe Garcia Ballester wrote:
>
> > I'm using libgcrypt to make a SSH library. So I build a sexp :
> > gcry_sexp_build(&gcryhash,NULL,"(data(flags pkcs1)(hash sha1 %m))",bn);
> > where bn is the mpi where the hash is stocked. The problem is that when
> > the most significant bit is set, the sexp is built like this :
> > (data
> > (flags pkcs1)
> > (hash sha1 #00D5FAD16E753FEEC40B696EC82D1E602A4D5C1302#)
> > )
>
> Use the %b format character instead of %m; %b lets you insert memory
> buffers directly, regardles of MPI formating. %b expects two arguments:
> one of size_t and a pointer to the memory buffer.
Thanks. This works for RSA host key verification.
But I still got a problem with DSA host key verification. The sexp is
build like this :
(data
(flags raw)
(value #9092EA3A02CD3738DD71DAE3FEAD27F3FC22A30F#)
)
The problem is that it fails with Invalid Object (the mpi scanning fails
because it's negative). If I put 0s, it fails with Invalid DSA
signature.
When the first bit of the hash is not set, it works perfectly.
How should I do?
Regards,
--
Jean-Philippe Garcia Ballester
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050813/33719365/attachment.pgp
More information about the Gcrypt-devel
mailing list