CryptoAPI: Using CryptVerifySignature to verify a signature from openssl with public key


Question

I am trying to port the AquaticPrime framework for Mac to Windows.

On the Mac, it uses the openssl library, and I try to understand how to port this to Windows, where I have to use the CryptoAPI, I guess.

I mainly need the code for validation of the generated signature with a given public key.

Here's how verification is done with openssl:

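  1. Input: license data, public key and signature, both 128 bytes long.
  2. A SHA1 digest is calculated from the license data.
  3. An RSA context is set up with the public key data.
  4. Given the RSA key and the signature, RSA_public_decrypt() is called, which returns a 20 byte long SHA1 digest. If this digest is equal to the one from step 2, the signature is valid.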

So, how do I do this with CryptoAPI? I've gotten this far:

  1. Start with CryptAcquireContext(ctx, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)
  2. Use CryptImportKey with the help of this posting, with pubexp=3 and bitlen=1024. That all works, i.e. I get no errors, and I looked at the binary data to verify that it matches what the MSDN article shows.
  3. Create a SHA1 digest from the license data. I've retrieved the resulting 20 byte hash value and see that it matches what I get with openssl on the Mac.

At this point, I call

CryptVerifySignature (hashHdl, sig, sigLen, keyHdl, 0, 0)

This fails with error code ERROR_INVALID_PARAMETER.

The odd thing is that when I first accidentally had stored a twice as large public key into the PUBLICKEYBLOB structure, I received a NTE_BAD_SIGNATURE error instead. This might suggest that now the public key I am passing is correct.

Why the ERROR_INVALID_PARAMETER error now, then? I've verified that the hash value is correct, and the key appears to be accepted, too. And the "sig" parameter is just a pointer to the 128 bytes of the signature, and sigLen is 128.

So, what am I missing here?

Recommended answer

OK, I solved the problem after lots of trial-and-error.

Both the signature and the public key data, when in their pure byte string form, need to be reversed, i.e. first byte to last position, and so on. Then the above works.
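
The byte reversal from the answer, as an added example (not code from the original post or from AquaticPrime): CryptoAPI expects the modulus inside the PUBLICKEYBLOB and the signature handed to CryptVerifySignature in little-endian order, while openssl produces big-endian byte strings. The constants are copied from wincrypt.h so the file builds without the Windows SDK; the function names and the choice of CALG_RSA_SIGN as key algorithm are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from wincrypt.h, repeated so this builds without the Windows SDK. */
#define BLOB_TYPE_PUBLICKEY 0x06        /* PUBLICKEYBLOB */
#define BLOB_VERSION        0x02        /* CUR_BLOB_VERSION */
#define ALG_RSA_SIGN        0x00002400u /* CALG_RSA_SIGN (assumed key usage) */
#define RSA1_MAGIC          0x31415352u /* "RSA1" */
#define BLOB_HEADER_LEN     20          /* BLOBHEADER (8) + RSAPUBKEY (12) */

/* Store a 32-bit value little-endian regardless of host byte order. */
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Copy n bytes in reverse order (big-endian <-> little-endian).
   Apply this to the 128-byte openssl signature before passing the
   result to CryptVerifySignature. dst and src must not overlap. */
void reverse_copy(uint8_t *dst, const uint8_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[n - 1 - i];
}

/* Build a PUBLICKEYBLOB for CryptImportKey from a big-endian modulus.
   Returns bytes written, or 0 if the input is empty or out is too small. */
size_t build_rsa_public_blob(const uint8_t *mod_be, size_t mod_len,
                             uint32_t pubexp, uint8_t *out, size_t out_cap)
{
    /* Drop the leading zero byte a DER INTEGER encoding may carry. */
    while (mod_len > 0 && mod_be[0] == 0) { mod_be++; mod_len--; }
    if (mod_len == 0 || out_cap < BLOB_HEADER_LEN + mod_len)
        return 0;

    out[0] = BLOB_TYPE_PUBLICKEY;                /* BLOBHEADER.bType    */
    out[1] = BLOB_VERSION;                       /* BLOBHEADER.bVersion */
    out[2] = 0; out[3] = 0;                      /* BLOBHEADER.reserved */
    put_le32(out + 4,  ALG_RSA_SIGN);            /* BLOBHEADER.aiKeyAlg */
    put_le32(out + 8,  RSA1_MAGIC);              /* RSAPUBKEY.magic     */
    put_le32(out + 12, (uint32_t)(mod_len * 8)); /* RSAPUBKEY.bitlen    */
    put_le32(out + 16, pubexp);                  /* RSAPUBKEY.pubexp    */
    reverse_copy(out + BLOB_HEADER_LEN, mod_be, mod_len); /* little-endian modulus */
    return BLOB_HEADER_LEN + mod_len;
}
```

For the key in the question (pubexp=3, bitlen=1024) the blob is 148 bytes long.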
