|There's more than one way to do things|
Help verifying RSA PSS signature in Perl with Crypt::RSA and Crypt::RSA::SS::PSSby cryptques (Novice)
|on Mar 31, 2013 at 02:52 UTC||Need Help??|
cryptques has asked for the
wisdom of the Perl Monks concerning the following question:
I'm unable to verify a PSS-signed signature in Perl using Crypt::RSA and Crypt::RSA::SS::PSS.
I have a device that has a 1024-bit RSA key, and signs data using PSS, SHA1 and AES-128.
I extract the device's public key successfully, save it in a file with PEM_write_RSA_PUBKEY()
I am able to verify this in C/C++ using RSA_verify_PKCS1_PSS(), and also using openssl on the command line, like this:
I'm trying to do the above in Perl, using Crypt::RSA and Crypt::RSA::SS::PSS, and can't get it to work.
I've tested those two modules and I *am* able to generate and verify a PSS signature in Perl when generating my own key, like this:
So, instead of creating my own RSA key I read in a public key using something like this:
Where "key.public" contains the device's public key, converted to a decimal string, inserted into the "n" field of the structure that is read/written by Crypt::RSA::Key::Public.
But I can't get it to verify :-(
Methinks I should be able to indicate that it should be using SHA1 and AES-128 (as opposed to, say, Blowfish). Am I barking up the wrong tree?