Howto use libgrcypt for signature?

Stephan Mueller smueller at
Fri May 27 11:53:15 CEST 2016

Am Freitag, 27. Mai 2016, 10:35:08 schrieb Stef Bon:

Hi Stef,

> Hi,
> I'm writing a fuse fs for sftp, and using libgcrypt for encryption,
> hmac, digest and dh.
> Now I m working on the checking of the signature of H send by the
> sender. The client creates also H,
> and has to check the signature of H using the public key.
> I've got the signature of H from the server, H and the public hostkey
> of the server as string (length, buffer).
> How to go futher? I know I have to use the function  gcry_pk_verify, but
> how?
> Do I have to convert the strings to some s-expressions using a format first?

some example code:

static int libgcrypt_rsa_sigver(struct rsa_sigver_data *data)
        gcry_sexp_t s_data = NULL;
        gcry_sexp_t s_key = NULL;
        gcry_sexp_t s_sig = NULL;
        int algo = 0;
        int mode = 0;
        int ret = 1;
        gpg_error_t err;
        unsigned char hash[64];
        unsigned int hashsize;
        gcry_mpi_t n = NULL;
        gcry_mpi_t e = NULL;
        gcry_mpi_t sig = NULL;


        if (libgcrypt_cipher(data->cipher, 0, &algo, &mode))
                return 1;

        hashsize = gcry_md_get_algo_dlen(algo);
        if (!hashsize || hashsize > sizeof hash) {
                dolog(LOG_WARN, "digest too long for buffer or unknown hash 
                return 1;

        /* Generate and convert the hash */
        gcry_md_hash_buffer(algo, hash, data->msg.buf, data->msg.len);
        err = gcry_sexp_build (&s_data, NULL,
                               "(data (flags pkcs1)(hash %s %b))",
                               gcry_md_algo_name(algo), (int)hashsize, hash);
        if (err) {
                dolog(LOG_WARN, "gcry_sexp_build failed for RSA data input: 
                      gpg_strerror (err));
                return 1;

        /* Convert public key */
        err = gcry_mpi_scan(&n, GCRYMPI_FMT_USG,
                            data->n.buf, data->n.len, NULL);
        if (err) {
                dolog(LOG_WARN, "error scanning RSA parameter n: %s\n", 
                goto out;
        err = gcry_mpi_scan(&e, GCRYMPI_FMT_USG,
                            data->e.buf, data->e.len, NULL);
        if (err) {
                dolog(LOG_WARN, "error scanning RSA parameter e: %s\n", 
                goto out;
        err = gcry_sexp_build(&s_key, NULL, "(public-key(rsa(n%m)(e%m)))", n, 
        if (err) {
                dolog(LOG_WARN, "error building S-expression: %s\n", 
gpg_strerror (err));
                goto out;

        /* Convert signature */
        err = gcry_mpi_scan(&sig, GCRYMPI_FMT_USG,
                            data->sig.buf, data->sig.len, NULL);
        if (err) {
                dolog(LOG_WARN, "error scanning RSA parameter signature: 
%s\n", gpg_strerror(err));
                goto out;
        err = gcry_sexp_build(&s_sig, NULL, "(sig-val(rsa(s %m)))", sig);
        if (err) {
                dolog(LOG_WARN, "error building S-expression: %s\n", 
gpg_strerror (err));
                goto out;

        /* sig verification */
        err = gcry_pk_verify(s_sig, s_data, s_key);
        if (!err)
                ret = 0;
        else if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE)
                ret = -1;
                ret = 1;

        if (n)
        if (e)
        if (sig)
        if (s_sig)
                gcry_sexp_release (s_sig);
        if (s_key)
                gcry_sexp_release (s_key);
        if (s_data)
                gcry_sexp_release (s_data);

        return ret;
> Thanks in advance,
> Stef
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at


More information about the Gcrypt-devel mailing list