date: Wed, 4 Jun 2008 18:25:21 -0700 (PDT),
group: microsoft.public.platformsdk.security
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
On Jun 5, 8:47 am, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi,
>
> In order to correct this error, you have to replace the parameter
> szDescription in the call of CryptVerifySignature by NULL. Putting a non null
> value for this parameter is what causes this function to fail. Microsoft
> should correct the sample on their web site according to this...
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "visalav...@aztecsoft.com" wrote:
> > Hi all,
>
> > I am using crypto APIs in Windows Mobile, but it's giving an error message
> > saying NTE_BAD_SIGNATURE.
> > Can anybody please help me out? I used the code from the link:
> > http://msdn.microsoft.com/en-us/library/aa382371.aspx
>
> > Please post me any guess
>
> > Thanks
> > Vishal
Hi Mounir,
My requirement is to create a digital signature. I want to use the public
key to encrypt and the private key to decrypt.
I guess the param AT_EXCHANGE will be used when we export the key,
but I am not sure how things work.
Can you please help me in this regard?
Thanks
date: Fri, 6 Jun 2008 14:57:35 -0700 (PDT)
author: unknown
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
Hi,
I'm a little bit confused by your description. When doing digital
signature, the public key is for verification and private key for signature.
So I guess you are going to do both encryption and signature. In this case,
using an AT_KEYEXCHANGE key is the right choice since it can do both
operations.
The usual process is to create a new container using CryptAcquireContext,
generate an AT_KEYEXCHANGE key using CryptGenKey, export the public key using
CryptExportKey with PUBLICKEYBLOB as blob type and optionally sign a
certificate request to be sent to a certificate authority. Usually, all
these steps are done automatically for you if you use PKI systems like the MS
CA integrated with Windows Server 2003/2008.
Once everything is set up, you can start doing classical PKI operations like
the sample you used. I think you can find many samples on the internet on how
to use the specific Crypto API calls for each operation context.
I hope I gave you some clues on how to advance as your question was a little
bit vague.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
to reach : mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)
"visalavats@aztecsoft.com" wrote:
> Hi Mounir,
> My requirement is to create a digital signature. I want to use the public
> key to encrypt and the private key to decrypt.
> I guess the param AT_EXCHANGE will be used when we export the key,
> but I am not sure how things work.
>
> Can you please help me in this regard.
>
> Thanks
>
date: Fri, 6 Jun 2008 16:00:02 -0700
author: Mounir IDRASSI am
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
On Jun 6, 4:00 pm, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi,
>
> I'm a little bit confused by your description. When doing digital
> signature, the public key is for verification and private key for signature.
> So I guess you are going to do both encryption and signature. In this case,
> using an AT_KEYEXCHANGE key is the right choice since it can do both
> operations.
> The usual process is to create a new container using CryptAcquireContext,
> generate an AT_KEYEXCHANGE key using CryptGenKey, export the public key using
> CryptExportKey with PUBLICKEYBLOB as blob type and optionally sign a
> certificate request to be sent to a certificate authority. Usually, all
> these steps are done automatically for you if you use PKI systems like the MS
> CA integrated with Windows Server 2003/2008.
> Once everything is set up, you can start doing classical PKI operations like
> the sample you used. I think you can find many samples on the internet on how
> to use the specific Crypto API calls for each operation context.
> I hope I gave you some clues on how to advance as your question was a little
> bit vague.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "visalav...@aztecsoft.com" wrote:
> > Hi Mounir,
> > My requirement is to create a digital signature. I want to use the public
> > key to encrypt and the private key to decrypt.
> > I guess the param AT_EXCHANGE will be used when we export the key,
> > but I am not sure how things work.
>
> > Can you please help me in this regard.
>
> > Thanks
Thanks for the info Mounir,
I am working on Windows Mobile.
I want to create a digital signature for a file from one end (A) and
send the file and signature to the other end (Windows Mobile).
The signature should be created using public key
( I am using function CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hPublicKey);
CryptExportKey(hPublicKey, 0, /*PRIVATEKEYBLOB*/ PUBLICKEYBLOB, 0,
baKeyBlob.GetData(), &dwKeyBlobLen);
and for signing I am using "CryptSignHash(hHash, AT_KEYEXCHANGE,
NULL, 0, pbSignature, &dwSigLen);"
and for verifying the signature I am using "CryptVerifySignature(hHash,
bSignature, dwSigLen, hPubKey, NULL, 0)"
and the functions succeed.
My question here is: how are the private keys used here to verify the
signature? Because we used hpublic key, which is a public key.
Please share your idea; I am a bit confused about how AT_KEYEXCHANGE
works.
Thanks
Vishal
date: Fri, 6 Jun 2008 18:06:09 -0700 (PDT)
author: unknown
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
Hi Vishal,
First, you must know that digital signature is computed using the private
key and its verification is done using the public key. So, I think you are
mixing things here.
Second, when you call CryptSignHash with AT_KEYEXCHANGE on the hash, the CSP
will use the private key to compute the signature of the hash after adding
some padding. Then, in order to verify this signature, you only need to have
the public key which has been exported previously. Once this public key is
imported, its handle is used in CryptVerifySignature to check the validity of
the digital signature. This is done by performing an RSA public
exponentiation on the digital signature, then it will check the padding
correctness of the result and remove it subsequently and at last it will
compare the unpadded result with the given hash. If they are the same, then
the signature is valid, otherwise it's not.
At this point, all the operations you have to perform can be completely done
with an AT_SIGNATURE key as well. The difference between AT_SIGNATURE and
AT_KEYEXCHANGE is that the latter can perform RSA encrypting while the first
cannot.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
to reach : mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)
"visalavats@aztecsoft.com" wrote:
> Thanks for the info Mounir,
> I am working on Windows Mobile.
> I want to create a digital signature for a file from one end (A) and
> send the file and signature to the other end (Windows Mobile).
> The signature should be created using public key
> ( I am using function CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hPublicKey);
> CryptExportKey(hPublicKey, 0, /*PRIVATEKEYBLOB*/ PUBLICKEYBLOB, 0,
> baKeyBlob.GetData(), &dwKeyBlobLen);
> and for signing I am using "CryptSignHash(hHash, AT_KEYEXCHANGE,
> NULL, 0, pbSignature, &dwSigLen);"
> and for verifying the signature I am using "CryptVerifySignature(hHash,
> bSignature, dwSigLen, hPubKey, NULL, 0)"
> and the functions succeed.
> My question here is: how are the private keys used here to verify the
> signature? Because we used hpublic key, which is a public key.
> Please share your idea; I am a bit confused about how AT_KEYEXCHANGE
> works.
>
> Thanks
> Vishal
>
date: Sat, 7 Jun 2008 03:44:01 -0700
author: Mounir IDRASSI am
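The verification steps described in the post above (RSA public exponentiation, padding check, hash comparison), as an added Python example that is not part of the original thread and is not CryptoAPI code. It assumes PKCS#1 v1.5 padding with SHA-256 and uses a constructed, deliberately weak toy key; `sign`, `unpad` and `verify` are hypothetical names.

```python
import hashlib
import hmac

# Constructed toy key: two Mersenne primes, trivially factorable, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo header for SHA-256 (assumed hash; the thread names none).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def sign(message: bytes) -> bytes:
    """Private-key side: pad the hash (PKCS#1 v1.5 type 1), then m^d mod n."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - 3 - len(t)) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def unpad(em: bytes):
    """Check the padding strictly and return the embedded hash, or None."""
    if len(em) != K or em[:2] != b"\x00\x01":
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return None                      # need at least 8 bytes of 0xFF
    t = em[sep + 1:]
    if len(t) != len(SHA256_PREFIX) + 32 or not t.startswith(SHA256_PREFIX):
        return None                      # nothing may trail the hash
    return t[len(SHA256_PREFIX):]


def verify(message: bytes, signature: bytes) -> bool:
    """Public-key side: s^e mod n, check and strip padding, compare hashes."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    recovered = unpad(pow(s, E, N).to_bytes(K, "big"))
    expected = hashlib.sha256(message).digest()
    return recovered is not None and hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    sig = sign(b"file contents")
    print(verify(b"file contents", sig), verify(b"tampered contents", sig))
```

CryptSignHash returns the signature bytes in little-endian order, so reverse them before handing a CryptoAPI signature to a big-endian routine such as this one, and reverse a big-endian signature before passing it to CryptVerifySignature.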
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
On Jun 7, 3:44 am, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi Vishal,
>
> First, you must know that digital signature is computed using the private
> key and its verification is done using the public key. So, I think you are
> mixing things here.
> Second, when you call CryptSignHash with AT_KEYEXCHANGE on the hash, the CSP
> will use the private key to compute the signature of the hash after adding
> some padding. Then, in order to verify this signature, you only need to have
> the public key which has been exported previously. Once this public key is
> imported, its handle is used in CryptVerifySignature to check the validity of
> the digital signature. This is done by performing an RSA public
> exponentiation on the digital signature, then it will check the padding
> correctness of the result and remove it subsequently and at last it will
> compare the unpadded result with the given hash. If they are the same, then
> the signature is valid, otherwise it's not.
> At this point, all the operations you have to perform can be completely done
> with an AT_SIGNATURE key as well. The difference between AT_SIGNATURE and
> AT_KEYEXCHANGE is that the latter can perform RSA encrypting while the first
> cannot.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "visalav...@aztecsoft.com" wrote:
> > Thanks for the info Mounir,
> > I am working on Windows Mobile.
> > I want to create a digital signature for a file from one end (A) and
> > send the file and signature to the other end (Windows Mobile).
> > The signature should be created using public key
> > ( I am using function CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hPublicKey);
> > CryptExportKey(hPublicKey, 0, /*PRIVATEKEYBLOB*/ PUBLICKEYBLOB, 0,
> > baKeyBlob.GetData(), &dwKeyBlobLen);
> > and for signing I am using "CryptSignHash(hHash, AT_KEYEXCHANGE,
> > NULL, 0, pbSignature, &dwSigLen);"
> > and for verifying the signature I am using "CryptVerifySignature(hHash,
> > bSignature, dwSigLen, hPubKey, NULL, 0)"
> > and the functions succeed.
> > My question here is: how are the private keys used here to verify the
> > signature? Because we used hpublic key, which is a public key.
> > Please share your idea; I am a bit confused about how AT_KEYEXCHANGE
> > works.
>
> > Thanks
> > Vishal
Hello Mounir,
With respect to your message, it says that digital signature is
computed using the private
key and its verification is done using the public key. The reverse is
not possible.
Thank you very much for sharing your idea.
Thanks again,
Vishal
date: Mon, 9 Jun 2008 10:23:48 -0700 (PDT)
author: unknown
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
Hi Mounir,
One quick question here, I want to know the exact algorithm used to
generate the public key so that my server should use the same
algorithm to generate the key.
I am using the Diffie-Hellman service provider; I can use any other WM
supported in wincrypt.h.
I am really sorry to disturb you. Please share your idea.
Thank you.
On Jun 7, 3:44 am, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi Vishal,
>
> First, you must know that digital signature is computed using the private
> key and its verification is done using the public key. So, I think you are
> mixing things here.
> Second, when you call CryptSignHash with AT_KEYEXCHANGE on the hash, the CSP
> will use the private key to compute the signature of the hash after adding
> some padding. Then, in order to verify this signature, you only need to have
> the public key which has been exported previously. Once this public key is
> imported, its handle is used in CryptVerifySignature to check the validity of
> the digital signature. This is done by performing an RSA public
> exponentiation on the digital signature, then it will check the padding
> correctness of the result and remove it subsequently and at last it will
> compare the unpadded result with the given hash. If they are the same, then
> the signature is valid, otherwise it's not.
> At this point, all the operations you have to perform can be completely done
> with an AT_SIGNATURE key as well. The difference between AT_SIGNATURE and
> AT_KEYEXCHANGE is that the latter can perform RSA encrypting while the first
> cannot.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "visalav...@aztecsoft.com" wrote:
> > Thanks for the info Mounir,
> > I am working on Windows Mobile.
> > I want to create a digital signature for a file from one end (A) and
> > send the file and signature to the other end (Windows Mobile).
> > The signature should be created using public key
> > ( I am using function CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hPublicKey);
> > CryptExportKey(hPublicKey, 0, /*PRIVATEKEYBLOB*/ PUBLICKEYBLOB, 0,
> > baKeyBlob.GetData(), &dwKeyBlobLen);
> > and for signing I am using "CryptSignHash(hHash, AT_KEYEXCHANGE,
> > NULL, 0, pbSignature, &dwSigLen);"
> > and for verifying the signature I am using "CryptVerifySignature(hHash,
> > bSignature, dwSigLen, hPubKey, NULL, 0)"
> > and the functions succeed.
> > My question here is: how are the private keys used here to verify the
> > signature? Because we used hpublic key, which is a public key.
> > Please share your idea; I am a bit confused about how AT_KEYEXCHANGE
> > works.
>
> > Thanks
> > Vishal
date: Mon, 9 Jun 2008 15:45:11 -0700 (PDT)
author: unknown
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
On Jun 9, 4:48 pm, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi Vishal,
>
> I think you misunderstood something because each time you call CryptGenKey
> you get a new different key pair (public private) with random values.
> You are talking about sharing a key between a client and a server, so I
> guess you are talking now about key agreement instead of signature or
> encryption.
> Can you please clarify the context of your question?
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "visalav...@aztecsoft.com" wrote:
> > Hi Mounir,
> > One quick question here, I want to know the exact algorithm used to
> > generate the public key so that my server should use the same
> > algorithm to generate the key.
> > I am using the Diffie-Hellman service provider; I can use any other WM
> > supported in wincrypt.h.
> > I am really sorry to disturb you. Please share your idea.
>
> > Thank you.
Hi Mounir,
My problem now is:
The server machine has to create a public key which should be exported so
that the client (Windows Mobile) needs to use in cryptverify function.
So I need to tell the exact algorithm Windows RSA uses to generate the
public key so that I can import it in client code, and I need to know the
exact algorithm for hashing also.
I searched the Microsoft site, but I wasn't able to find out the exact
algorithm they use for RSA or Diffie-Hellman.
Please help in this regard.
Thanks
date: Mon, 9 Jun 2008 20:02:02 -0700 (PDT)
author: unknown
Re: CryptVerifySignature fail with message NTE_BAD_SIGNATURE
On Jun 10, 3:35 am, Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> Hi Vishal,
>
> To solve your problem, you need only to transfer the server's public key to
> the client. This can not be done by re-generating the same RSA key pair of
> the server on the client side. Classically, this is done by publishing the
> server's certificate in a publicly accessible repository so that the client
> can get it and verify the server's signature using the public key contained
> in this certificate.
> You can find many useful links on the link about certificate management and
> PKI in general. I advise you to start by building a small sample PKI
> architecture having one root that will certify the server key pair.
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> to reach : mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
>
> "visalav...@aztecsoft.com" wrote:
> > Hi Mounir,
> > My problem now is:
> > The server machine has to create a public key which should be exported so
> > that the client (Windows Mobile) needs to use in cryptverify function.
> > So I need to tell the exact algorithm Windows RSA uses to generate the
> > public key so that I can import it in client code, and I need to know the
> > exact algorithm for hashing also.
> > I searched the Microsoft site, but I wasn't able to find out the exact
> > algorithm they use for RSA or Diffie-Hellman.
>
> > Please help in this regard.
>
> > Thanks
Thanks for your help, it really helped me a lot. I will go ahead and
find out the way to do.
I may need your help further also....
Thanks again
Vishal
date: Tue, 10 Jun 2008 14:35:32 -0700 (PDT)
author: unknown