Signature Verification using GPG

Christoph Rachinger christoph.rachinger at
Tue Mar 8 14:53:05 CET 2011

Hello everyone,

I hope that this is the right place for my question - if not, please
forgive me. Anyway, any form of help is appreciated.

I'm currently trying to write a kernel module that checks digital
signatures of binaries. For the cryptographic part I'm using the
source code of GPG 1.4.11 (the SHA1 computation, the RSA verification and
the MPI part) - I think I made everything correctly, but that it would

Some info:
For the sake of simplicity we can assume that the keys are correctly
initialized and both the hash that was signed as well as the signature
itself (i.e. the whole packet as specified by RFC 4880) was read
Now I compute the new hash over the old hash plus the trailer (parts of
the packet body plus some 6-byte information), convert this new hash as
well as the original signature to an MPI and call rsa_verify().
But it just won't work.

And finally my code, I left out all error handling to keep it compact - so
it should be pretty self-explanatory, but I'll answer every question if
something's unclear, of course:

Again, it would be great if someone could help me.
If this was the wrong place to ask, please tell me also (maybe with a hint
where to ask instead :))
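
For comparing intermediate values against a kernel implementation, here is a user-space Python model of the RFC 4880 version 4 RSA/SHA-1 verification path (an added example, not the poster's code and not GnuPG's). The function names are hypothetical, and the toy key built from two Mersenne primes, the sample data and the hashed-subpacket bytes are constructed for the demo.

```python
import hashlib

# DER DigestInfo prefix for SHA-1, as listed in RFC 4880 section 5.2.2.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def v4_sig_digest(data, hashed_part):
    """SHA-1 over: signed data | hashed part of sig packet | 6-byte trailer.
    hashed_part = version 4, sig type, pubkey algo, hash algo,
    2-byte hashed-subpacket length, hashed subpackets (RFC 4880 5.2.4)."""
    trailer = b"\x04\xff" + len(hashed_part).to_bytes(4, "big")
    return hashlib.sha1(data + hashed_part + trailer).digest()

def emsa_pkcs1_v15(digest, k):
    """k-byte block the RSA result must equal: 00 01 FF..FF 00 prefix digest."""
    t = SHA1_PREFIX + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_verify_v4(data, hashed_part, left16, sig_mpi, n, e):
    """Verify a v4 binary-document signature given the parsed packet fields."""
    digest = v4_sig_digest(data, hashed_part)
    if digest[:2] != left16:        # "left 16 bits" quick-check field
        return False
    if not 0 < sig_mpi < n:         # signature MPI must be reduced mod n
        return False
    k = (n.bit_length() + 7) // 8
    recovered = pow(sig_mpi, e, n).to_bytes(k, "big")
    return recovered == emsa_pkcs1_v15(digest, k)

def demo():
    """Build a constructed signature to exercise the verifier."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537   # toy key for testing, NOT secure
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))         # needs Python 3.8+
    data = b"constructed test binary\n"
    # v4, type 0x00 (binary), RSA (1), SHA-1 (2), 6 bytes of hashed subpackets:
    # one signature-creation-time subpacket (len 5, type 2, constructed time).
    hashed = bytes.fromhex("04000102" "0006" "05024d763241")
    digest = v4_sig_digest(data, hashed)
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(emsa_pkcs1_v15(digest, k), "big"), d, n)
    return data, hashed, digest[:2], sig, n, e

if __name__ == "__main__":
    print("valid:", rsa_verify_v4(*demo()))
```

Printing the digest and the recovered block from both this model and the C code shows which stage diverges: the hash input, the padding frame, or the MPI conversion.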


More information about the Gnupg-users mailing list