R
Russell Gantman
Guest
I have an application in which I need to validate the signature coming from a partner system.
I already have the partner's public key stored.
The signature comes to be in DER encoded format:
3045
0221
00af860b2728b95d3b3bdca739a50d9a827d2997e426fb38e9b6a1e4d36fe5577b (r)
0220
20697918ef29ead4da2755fa21963ec778dbcf9d259d50c18034a6fc130ed1a7 (s)
in this example one of the values (r I presume) has a leading zero because the value starts with AF (which makes it negative)
First I create the signature bytes by extracting them from the DER encoded string:
00af860b2728b95d3b3bdca739a50d9a827d2997e426fb38e9b6a1e4d36fe5577b
20697918ef29ead4da2755fa21963ec778dbcf9d259d50c18034a6fc130ed1a7
When I try to use Bcrypt::VerifySignature() I get an "invalid parameter" error
I have tried the following:
1) Remove the 00: I get invalid signature
2) Add a 00 to the "s" portion: I get "Invalid parameter"
Does anyone know how I can parse the signature so that CNG can validate the message.
FYI:Here is the call I use:
NTSTATUS result = BCryptVerifySignature(publicKeyHandle, NULL, hashToValidate, hashLength, signature, signatureLength, NULL);
publicKeyHandle = handle of imported PK from other system as BCRYPT_ECDSA_PUBLIC_P256_MAGIC
hashToValidate hash of message (SHA256)
hashLength (32)
Signature = bytes from above after extraction from DER
Signaure length: Number of bytes in my signature
Thanks
I skate to where the puck is going to be, not where it is. -Wayne Gretzky
Continue reading...
I already have the partner's public key stored.
The signature comes to be in DER encoded format:
3045
0221
00af860b2728b95d3b3bdca739a50d9a827d2997e426fb38e9b6a1e4d36fe5577b (r)
0220
20697918ef29ead4da2755fa21963ec778dbcf9d259d50c18034a6fc130ed1a7 (s)
in this example one of the values (r I presume) has a leading zero because the value starts with AF (which makes it negative)
First I create the signature bytes by extracting them from the DER encoded string:
00af860b2728b95d3b3bdca739a50d9a827d2997e426fb38e9b6a1e4d36fe5577b
20697918ef29ead4da2755fa21963ec778dbcf9d259d50c18034a6fc130ed1a7
When I try to use Bcrypt::VerifySignature() I get an "invalid parameter" error
I have tried the following:
1) Remove the 00: I get invalid signature
2) Add a 00 to the "s" portion: I get "Invalid parameter"
Does anyone know how I can parse the signature so that CNG can validate the message.
FYI:Here is the call I use:
NTSTATUS result = BCryptVerifySignature(publicKeyHandle, NULL, hashToValidate, hashLength, signature, signatureLength, NULL);
publicKeyHandle = handle of imported PK from other system as BCRYPT_ECDSA_PUBLIC_P256_MAGIC
hashToValidate hash of message (SHA256)
hashLength (32)
Signature = bytes from above after extraction from DER
Signaure length: Number of bytes in my signature
Thanks
I skate to where the puck is going to be, not where it is. -Wayne Gretzky
Continue reading...