OpenSSL RSA signature and PKCS#1 padding incorrect verification

0
votes

I am generating an RSA signature of some data, using SHA-1 as the hash function, and PKCS#1 padding as the padding scheme, from a program in C++ interfacing with a smart card reader successfully. I can verify the signature quickly with a simple Java application using the java.security package, and it works fine.

However, when I try to use OpenSSL's EVP_PKEY_verify(), it does not pass. If I use EVP_PKEY_verify_recover(), and I compare the hash of the original data (through a simple command line call) and the result of verify_recover, I get ~almost~ the same thing.

SHA1(original) = xyz recover(signature) = xyz0000000000...

I'm wondering if anyone has encountered this problem before? I've been fighting it for some time now, trying different options and playing with my sign() function (which works fine for Java).

Thanks!

1
opensslrsapaddingdigital-signature
just a guess: different truststore, i.e. different CAs/issuers that you trust? - Daniel S.
Hi Daniel! It shouldn't be an issue about that - I'm using the same public/private keypair for this. Nothing to do with certificates. Thanks though! - ZachM
Also check the error using ERR_print_errors_fp and see the error. It will give you more details about the error. - doptimusprime

1 Answers

0
votes

Turns out if you just use EVP_VerifyInit()/EVP_VerifyUpdate()/EVP_VerifyFinal() instead, it works. Hopefully this saves someone else a few days!