Menu
▾
▴
Re: [Perl-openssl-users] Issue with sign/verify - Crypt::OpenSSL::RSA
|
From: Ian R. <ia...@re...> - 2006-06-28 14:59:59
|
On Mon, 2006-06-26 at 20:44 -0400, Jonathan Vanasco wrote:
> Hi-
>
> I'm trying to use Crypt::OpenSSL::RSA and running into some issues
>
> Generating is fine:
> sub generate_rsa {
> my $rsa= Crypt::OpenSSL::RSA->generate_key(1024);
> return {
> 'private'=> $rsa->get_private_key_string(),
> 'public'=> $rsa->get_public_key_string(),
> }
> }
>
> Signing is fine:
> sub sign_text_with_privatekey {
> my ( $text , $privatekey , $publickey)= @_;
> my $rsa= Crypt::OpenSSL::RSA->new_private_key($privatekey);
> my $signature= $rsa->sign($text);
> return $signature;
> }
>
> Verification is killing me though:
> sub verify_signature_with_text_and_publickey {
> my ( $signature , $text , $publickey )= @_;
> my $rsa= Crypt::OpenSSL::RSA->new_public_key($publickey);
> if ( $rsa->verify( $text , $signature ) {
> return 1;
> }
> return 0;
> }
>
> I'm going crazy on this.
> No matter what I do, so long as $publickey and $signature are
> compatible, verification succeeds.
So in otherwords, the following code:
sub verify_bad {
my ($public_key, $private_key) = @_;
my $sig = $private_key->sign("something");
return $public_key->verify("something else", $sig);
}
will return true?
I just added a couple unit tests to the test suite to check for this,
and didn't turn up any problems. Am I misunderstanding the bug? If so,
if you can send a complete piece of code demonstrating the bug, that
would be very helpful.
- Ian
> what am i missing?
>
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Perl-openssl-users mailing list
> Per...@li...
> https://lists.sourceforge.net/lists/listinfo/perl-openssl-users
|
