I received an email in response to this post which contained the
following:
> ...you cannot recover the message itself from the signature, only the hash value.
My understanding was that there were two types of algorithms that
could be used to sign a message with RSA: Signature Scheme with
Appendix (SSA) and [Probabilistic] Signature Scheme with Recovery
(PSSR).
SSA works exactly as you describe - a hash of the original message is
signed, and this hash is sent along with the message as an appendix to
the signature, and is verified at the other end.
In PSSR the original message is interleaved into the signature. PSSR
schemes do not require the original message for verification since it
is available in the signature.
I was eventually able to get PSSR working using the method shown here
http://www.cryptopp.com/fom-serve/cache/96.html. Unfortunately, the
code is not very elegant. I would much rather be able to use Crypto+
+'s filter/pipelining system, which is quite neat.
There is information on the web that indicates you can perform PSSR
using the Crypto++ filter/pipelining system. For example, the
following pages have examples of PSSR with filters:
http://www.cryptopp.com/wiki/SignatureVerificationFilter
http://www.cryptopp.com/wiki/RSA_Signature_Schemes
However, while these examples ~do~ allow me to recover the message
from the signature, they require me to have the original message
before I can perform the recovery, which totally defeats the purpose.
If no-one replies to correct me I will assume I am right and remove
the material on the Wiki so no-one else wastes their time.