My list of files is:
cert.pem (public key to be used in the verification)
application.zip (signed file)
signature.sig (the signature to be verified)
The code that I found at http://www.cryptopp.com/wiki/RSA_Cryptography
does not fit my needs because it reads a "key.pb" (public key) not a
PEM encoded file.
Can someone help me with some code to do the job?
Thanks in advance.
all you need is a X.509 parser. It has nothing to do with the Crypto++
Library.
Sindolfo schrieb:
/**
* Reads an X.509 v3 certificate from certin, extracts the
subjectPublicKeyInfo structure
* (which is one way PK_Verifiers can get their key material) and
writes it to keyout
*
* @throws CryptoPP::BERDecodeError
*/
void GetPublicKeyFromCert(CryptoPP::BufferedTransformation & certin,
CryptoPP::BufferedTransformation & keyout)
{
BERSequenceDecoder x509Cert(certin);
BERSequenceDecoder tbsCert(x509Cert);
// ASN.1 from RFC 3280
// TBSCertificate ::= SEQUENCE {
// version [0] EXPLICIT Version DEFAULT v1,
BERGeneralDecoder context(tbsCert,0xa0); // consume the context tag
on the version
word32 ver;
BERDecodeUnsigned<word32>(context,ver,INTEGER,2,2); // only want a v3
cert
// serialNumber CertificateSerialNumber,
Integer serial;
serial.BERDecode(tbsCert);
// signature AlgorithmIdentifier,
BERSequenceDecoder signature(tbsCert);
signature.SkipAll();
// issuer Name,
BERSequenceDecoder issuerName(tbsCert);
issuerName.SkipAll();
// validity Validity,
BERSequenceDecoder validity(tbsCert);
validity.SkipAll();
// subject Name,
BERSequenceDecoder subjectName(tbsCert);
subjectName.SkipAll();
// subjectPublicKeyInfo SubjectPublicKeyInfo,
BERSequenceDecoder spki(tbsCert);
DERSequenceEncoder spkiEncoder(keyout);
spki.CopyTo(spkiEncoder);
spkiEncoder.MessageEnd();
spki.SkipAll();
tbsCert.SkipAll();
x509Cert.SkipAll();
}
I'd find it useful if a similar function made its way into crypto++ :)
If your certificate is in PEM format, be sure your
BufferedTransformation has a base64 decoding filter there.
I've attached a small test program that shows how to use the key from
the certificate to verify a signature. The test program just has a
couple of DER-encoded certificates pasted into the code as byte array
literals.
HTH,
Geoff