Signature Verification using GPG

Christoph Rachinger christoph.rachinger at ce.stud.uni-erlangen.de
Tue Mar 8 14:53:05 CET 2011


Hello everyone,

I hope that this is the right place for my question - if not please
forgive me. Anyway, any form of help is appreciated.

I'm currently trying to write a kernel module that checks digital
signatures of binaries. For the cryptographic part I'm using the
source code of GPG 1.4.11 (the SHA1 computation, the RSA verification and
the MPI part) - I think I made everything correctly, but that it would
work...

Some Infos:
For the sake of simplicity we can assume that the keys are correctly
initialized and both the hash that was signed as well as the signature
itself (i.e. the whole packet as specified by RFC 4880) was read
correctly.
Now I compute the new hash over the old hash plus the trailer (parts of
the packet body plus some 6-byte information), convert this new hash as
well as the original signature to an MPI and call rsa_verify().
But it just won't work.

And finally my code, I left out all error handling to keep it compact - so
it should be pretty self-explanatory, but I'll answer every question if
something's unclear, of course:
http://pastebin.com/gs99VdmF



Again, it would be great if someone could help me.
If this was the wrong place to ask, please tell me also (maybe with a hint
where to ask instead :))

Regards,
Chris
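
The RFC 4880 pieces this message touches on (the six-octet v4 trailer, the stored left 16 bits of the digest, and the EMSA-PKCS1-v1_5 block that an RSA signature value is compared against), shown as an added example that is not part of the original message, the linked paste, or GnuPG's source. The function names are hypothetical, the sample digest is constructed, and SHA-1 and the modular exponentiation are assumed to come from existing code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASN.1 DigestInfo prefix for SHA-1 (RFC 4880, section 5.2.2). */
static const uint8_t SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

/* Six-octet v4 trailer: 0x04, 0xFF, big-endian length of the hashed part of
 * the signature packet (version octet through hashed subpackets). */
void v4_trailer(uint32_t hashed_len, uint8_t out[6])
{
    out[0] = 0x04; out[1] = 0xFF;
    out[2] = (uint8_t)(hashed_len >> 24);
    out[3] = (uint8_t)(hashed_len >> 16);
    out[4] = (uint8_t)(hashed_len >> 8);
    out[5] = (uint8_t)hashed_len;
}

/* Cheap pre-check: the packet stores the left 16 bits of the signed digest.
 * A mismatch points at the hash input, before any RSA math is involved. */
int left16_matches(const uint8_t digest[20], const uint8_t left16[2])
{
    return digest[0] == left16[0] && digest[1] == left16[1];
}

/* EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || prefix || digest, k = modulus bytes.
 * sig^e mod n, left-padded to k octets, must equal this block.
 * Returns 0 on success, -1 if k cannot hold at least 8 padding octets. */
int emsa_pkcs1_v15_sha1(const uint8_t digest[20], uint8_t *em, size_t k)
{
    const size_t tlen = sizeof SHA1_PREFIX + 20;
    if (k < tlen + 11)
        return -1;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xFF, k - tlen - 3);
    em[k - tlen - 1] = 0x00;
    memcpy(em + k - tlen, SHA1_PREFIX, sizeof SHA1_PREFIX);
    memcpy(em + k - 20, digest, 20);
    return 0;
}

int main(void)
{
    uint8_t digest[20] = { 0xAB, 0xCD }, em[128], t[6]; /* constructed */
    v4_trailer(11, t);
    printf("t[5]=%02x em_ok=%d\n", t[5], emsa_pkcs1_v15_sha1(digest, em, sizeof em) == 0);
    return 0;
}
```

When the encoded block is turned into an MPI its leading zero octet drops out, so a comparison has to be made on integers or on buffers padded to the same length.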






