I am trying to migrate the AquaticPrime framework for Mac to Windows.
On the Mac, it uses the openssl library, and I'm trying to figure out how to port this to Windows, where I have to use CryptoAPI, I think.
I basically need code to verify the generated signature with the given public key.
Here's how to check with openssl:
- Inputs: license data, public key and signature, 128 bytes long.
- A SHA1 digest is calculated from the license data.
- An RSA context is configured with the public key data.
- RSA_public_decrypt() is called with the RSA key and signature, which returns a 20-byte SHA1 digest. If this digest is equal to the value from step 2, the signature is valid.
So how do I do this using CryptoAPI? I got this far:
- Start with CryptAcquireContext (ctx, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)
- Use CryptImportKey with this , with pubexp = 3 and bitlen = 1024. This all works, that is, I get no errors, and I looked at the binary data to make sure that it matches what the MSDN article shows.
- Create a SHA1 digest from the license data. I retrieved the resulting 20-byte hash value and see that it matches what I get with openssl on the Mac.
At this point, I call:
CryptVerifySignature (hashHdl, sig, sigLen, keyHdl, 0, 0)
This fails with the error code ERROR_INVALID_PARAMETER.
The odd thing is that when I accidentally saved a double public key in the PUBLICKEYBLOB structure, I got an NTE_BAD_SIGNATURE error instead. This may mean that now the public key that I am passing is correct.
Why do I get the ERROR_INVALID_PARAMETER error now? I checked that the hash value is correct, and the key also appears to be accepted. And the "sig" parameter is just a pointer to 128 bytes of signature, and sigLen is 128.
So what am I missing here?
openssl rsa cryptoapi aquaticprime
Thomas Tempelmann
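The verification steps listed in the question, as an added example that is not part of the original post and not AquaticPrime's code: pure-Python RSA with e = 3 and a 128-byte signature, comparing the full padded block against the SHA-1 digest of the license data. The key is constructed at run time from a seeded PRNG, the names `make_demo_key`, `encode`, `sign` and `verify` are hypothetical, and the 00 01 FF..FF 00 padding around the raw digest is an assumption based on RSA_public_decrypt() returning exactly 20 bytes.

```python
import hashlib
import random

K = 128  # signature and modulus length in bytes (1024-bit key, as in the post)

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin for odd n > 3; enough for a throwaway demo key."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_demo_key(seed=1):
    """Constructed key with e = 3 from a seeded PRNG; never use it for real data."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < 2:
        p = rng.getrandbits(K * 4) | (3 << (K * 4 - 2)) | 1  # 512 bits, odd
        if p % 3 == 2 and p not in primes and is_probable_prime(p, rng):
            primes.append(p)  # p % 3 == 2 keeps e = 3 invertible mod (p - 1)
    p, q = primes
    return p * q, pow(3, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def encode(data):
    """Assumed block layout: 00 01 FF..FF 00 || raw SHA-1 digest (no DigestInfo)."""
    digest = hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (K - 3 - len(digest)) + b"\x00" + digest

def sign(data, n, d):
    return pow(int.from_bytes(encode(data), "big"), d, n).to_bytes(K, "big")

def verify(data, sig, n, e=3):
    """Steps 2-4 of the post; the whole block is compared, which matters for e = 3."""
    s = int.from_bytes(sig, "big")
    return len(sig) == K and s < n and pow(s, e, n).to_bytes(K, "big") == encode(data)

if __name__ == "__main__":
    n, d = make_demo_key()
    sig = sign(b"constructed license data", n, d)
    print(verify(b"constructed license data", sig, n), verify(b"tampered", sig, n))
```

CryptoAPI takes the signature and the PUBLICKEYBLOB modulus in little-endian byte order, while the byte strings here are big-endian as OpenSSL handles them, so account for that when comparing values between the two.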