Problem with gcry_pk_verify

Jean-Philippe Garcia Ballester giga at le-pec.org
Sat Aug 13 16:05:06 CEST 2005


On Thu, Aug 11, 2005 at 09:57:14PM +0200, Moritz Schulte wrote :
> Jean-Philippe Garcia Ballester wrote:
> 
> >   I'm using libgcrypt to make an SSH library. So I build a sexp :
> > gcry_sexp_build(&gcryhash,NULL,"(data(flags pkcs1)(hash sha1 %m))",bn);
> > where bn is the mpi where the hash is stored. The problem is that when
> > the most significant bit is set, the sexp is built like this :
> > (data 
> >  (flags pkcs1)
> >  (hash sha1 #00D5FAD16E753FEEC40B696EC82D1E602A4D5C1302#)
> >  )
> 
> Use the %b format character instead of %m; %b lets you insert memory
> buffers directly, regardless of MPI formatting.  %b expects two arguments:
> one of size_t and a pointer to the memory buffer.

Thanks. This works for RSA host key verification.
But I still have a problem with DSA host key verification. The sexp is
built like this :
(data
 (flags raw)
 (value #9092EA3A02CD3738DD71DAE3FEAD27F3FC22A30F#)
 )
The problem is that it fails with Invalid Object (the mpi scanning fails
because it's negative). If I put 0s, it fails with Invalid DSA
signature.
When the first bit of the hash is not set, it works perfectly.
What should I do?
Regards,

-- 
Jean-Philippe Garcia Ballester
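
The sign-bit behaviour discussed in this thread, as an added example that is not part of the original post and does not call libgcrypt: it shows why a 20-byte hash whose first byte has the top bit set reads as negative in a signed big-endian encoding, and why a 00 byte appears in front of it. The function names are hypothetical; the two byte arrays are the hash values quoted in the messages above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The two SHA-1 values quoted in the thread (without the added 00). */
static const uint8_t RSA_HASH[20] = {0xD5,0xFA,0xD1,0x6E,0x75,0x3F,0xEE,0xC4,0x0B,0x69,
                                     0x6E,0xC8,0x2D,0x1E,0x60,0x2A,0x4D,0x5C,0x13,0x02};
static const uint8_t DSA_HASH[20] = {0x90,0x92,0xEA,0x3A,0x02,0xCD,0x37,0x38,0xDD,0x71,
                                     0xDA,0xE3,0xFE,0xAD,0x27,0xF3,0xFC,0x22,0xA3,0x0F};

/* Signed big-endian reading: top bit of the first byte is the sign bit. */
static int std_is_negative(const uint8_t *buf, size_t len)
{
    return len > 0 && (buf[0] & 0x80) != 0;
}

/* Re-encode an unsigned big-endian value as a non-negative signed one:
 * strip redundant leading zeros, then prepend 0x00 if the top bit is set.
 * Returns the encoded length, or (size_t)-1 if out is too small. */
static size_t usg_to_std(const uint8_t *in, size_t len, uint8_t *out, size_t cap)
{
    while (len > 0 && in[0] == 0x00) { in++; len--; }
    size_t pad = std_is_negative(in, len) ? 1 : 0;
    if (len + pad > cap)
        return (size_t)-1;
    if (pad)
        out[0] = 0x00;
    memcpy(out + pad, in, len);
    return len + pad;
}

static void show(const char *name, const uint8_t *hash, size_t len)
{
    uint8_t out[32];
    size_t n = usg_to_std(hash, len, out, sizeof out);
    if (n == (size_t)-1)
        return;
    printf("%s: raw bytes read as signed are %s; signed encoding (%zu bytes): ",
           name, std_is_negative(hash, len) ? "NEGATIVE" : "non-negative", n);
    for (size_t i = 0; i < n; i++) printf("%02X", out[i]);
    putchar('\n');
}

int main(void)
{
    show("RSA hash", RSA_HASH, sizeof RSA_HASH);
    show("DSA hash", DSA_HASH, sizeof DSA_HASH);
    return 0;
}
```

In libgcrypt terms this is the difference between GCRYMPI_FMT_STD (two's complement) and GCRYMPI_FMT_USG (unsigned) when a buffer is scanned into an MPI.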


More information about the Gcrypt-devel mailing list