How we can verify openssl digital signature in C++ & windows API

2
votes

Using openssl I have created signed document on server, kindly refer below commands for it.

------Create private key.

openssl pkcs12 -in "D:\Cummins Issues\XML  Encryption\mycredentialsandkey2010.pfx"  -nodes -nocerts -out "D:\privatekey.pem" -nodes

------Create public key.

openssl rsa -in "D:\privatekey.pem" -pubout -out "D:\rsapublickey.pem"

------Create signed document.

openssl dgst -sha1 -sign "D:\privatekey.pem" -out "D:\ProductInformation_xml.cipher" "D:\ProductInformation.xml"

Now I can verify the digital signature using opensll like below

---Verify

openssl dgst -sha1 -verify "D:\rsapublickey.pem" -signature "D:\ProductInformation_xml.cipher" "D:\ProductInformation.xml"

But I need to verify digital signature using C++ & Windows API in client application (without openssl library or source code). I know using public key & hash we can verify the digital signature. Kindly provide me pseudo code or windows API ASAP.

Any help is appreciated.

2
c++visual-c++digital-signaturecryptoapi
This is the purpose of a library, to not reinvent the wheel. If using openssl or crypto++ or Botan is not a option, then you will have to implement your own algorithms. Also note that statically compiling you client with any of these libraries will not include the entire library in your client, only what you use. - user365268

2 Answers

0
votes

Why can't you use libssl? That's the obvious route to go down. The algorithms themselves are RSA and SHA1 although you really shouldn't try to roll your own.

Googling for "microsoft ssl library" yields nothing but a multitude of vulnerabilities. No, really!

0
votes

CryptoAPI from Microsoft will allow you to sign and verify data.

You should note that Microsoft has introduced CNG from Windows vista onwards. So evaluate your requirements.

You can find sample source for signing and verification from MSDN using CryptoAPI