LibGcrypt verify Help required

Presanna Raman presannar at ami.com
Thu Feb 21 01:15:18 CET 2008


On reading up further and analyzing the code, I came across the following. The description for the sexp_data_to_mpi function says that "Either the VALUE or the HASH element must be present for use with signatures. VALUE is used for encryption."
   (data
    [(flags [pkcs1])]
    [(hash <algo> <value>)]
    [(value <text>)]
   )

So am I correct to assume that inorder to verify a binary file I first need to calculate the Hash value for that file and replace <value> in the above expression and not provide the binary file as is. So my S-expression for the data will be something like  "(data (flags pkcs1(hash rmd160 <binary file hash value>)))". If I need to verify the signature of text file I provide it as the <text>? Is this a right assumption?

With Regards,

Presanna Raman.

> -----Original Message-----
> From:	Presanna Raman 
> Sent:	Wednesday, February 20, 2008 5:58 PM
> To:	gcrypt-devel at gnupg.org; 'Adam Langley'
> Subject:	RE: LibGcrypt verify Help required
> 
> Thankx Adam for the suggestion. Unfortunately, I will have to use G-Crypt lib. I did look at how openCdk verifies a signature. It is the same that I have followed. I have a detached Armored Signature, the Armored Public Key and the binary file which was used to generate the detached signature. On going thru the RFC 4880 I gather that the 2 mpi's part of the signature packet contain the hashed data. I use this to construct the sexpression equivalent for the signature. Similarly, I use the 4 mpi's of the public key to construct the public key s-expression. What I am not sure is how do I generate the sexpression of the data? Should I encode the data using some hashing algorithm and then generate the sexpression for verification? Or am I missing something. The RFC specifies that the preferred encoding in OpenPGP is PKCS#1. But using PKCS1 as the flag in constructing the sexpression I get back Error status GPG_ERR_CONFLICT. Any help will be appreciated.
> 
> On a side Note, In the function gcry_mpi_set_opaque() the a->sign is set as nbit with no check made to make sure if the value is signed. Is this correct?
> 
> With Regards,
> 
> Presanna Raman.
> 
> 	-----Original Message-----
> 	From:	alangley at gmail.com [SMTP:alangley at gmail.com] On Behalf Of Adam Langley
> 	Sent:	Tuesday, February 19, 2008 11:46 PM
> 	To:	Presanna Raman
> 	Cc:	gcrypt-devel at gnupg.org
> 	Subject:	Re: LibGcrypt verify Help required
> 
> 	On Feb 19, 2008 8:42 PM, Adam Langley <agl at imperialviolet.org> wrote:
> 	> Possibly opencdk is the library that you want for this.
> 
> 	Oh, and please note that opencdk appears to be *GPL* licensed, not
> 	LGPL. That may affect your plans.
> 
> 
> 	AGL
> 
> 	-- 
> 	Adam Langley agl at imperialviolet.org http://www.imperialviolet.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20080220/65c3d6b4/attachment.htm>


More information about the Gcrypt-devel mailing list