
Let me introduce my problem: I have some *.crt file which contains a DER-encoded X.509 version 3 certificate. Using ASN.1 DER (libtomcrypt) I decrypt the data and save it to some structure called x509v3. I have some message M, an encrypted signature of M -> S (RSA encrypted), and a public key -> P which is located inside the X.509 certificate (subject public key field). First I must decrypt S using the public key P, but the problem is that I can't find any API which will do this?
I looked at libtomcrypt but it seems there is no API which takes a public key (which is an unsigned char *) and encrypted data (also an unsigned char *) and gives the decrypted data (unsigned char *).

Thanks for the help! P.S. Sorry for my English ;)

akmal

1 Answer


You are one of the countless victims of a historically sloppy presentation of signatures, which has created and still creates massive amounts of confusion.

What you have is a signature and you want to verify it. There exist several signature algorithms, and one of them is called "RSA" because it looks similar to an asymmetric encryption algorithm that is also named similarly. A very rough description of RSA signatures is that "you encrypt with the private key" (i.e. taking the encryption algorithm in the "reverse" direction), which is why signatures are often described like this... except that it does not really work like this. Asymmetric encryption with RSA implies a mathematical operation (modular exponentiation) at its core, but also a "padding" which is very important for security; RSA signatures also imply a padding, but a quite distinct one.

So you really should not think about signatures as a kind of encryption. This will just confuse you.

In libtomcrypt, the RSA signature verification function is called rsa_verify_hash().

Thomas Pornin
  • Thanks for the help, but I have one more question: before using rsa_verify_hash(), I must import my public key using rsa_import. And then I can use rsa_verify_hash(), but this function has one argument, saltlen; I can't understand what it is and what I must pass to it? – akmal Apr 12 '11 at 09:36
  • The "salt len" is used in PSS padding. PKCS#1 (the standard which defines RSA, look it up on Google) defines _two_ signature algorithms, one being the "old version" (also known as "v1.5") while the other ("PSS") is newer (cryptographically speaking "more proven to be secure") but more complex; it requires a few extra parameters, including the salt length. I do not know the libtomcrypt API well enough to help you further. – Thomas Pornin Apr 12 '11 at 11:35
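To make the answer's point concrete, here is an added pure-Python illustration (not code from the question, the answer or libtomcrypt) of what a PKCS#1 v1.5 RSA signature verification such as rsa_verify_hash() actually does: raise the signature to the public exponent, then check that the whole padded block has the expected layout, with nothing to "decrypt". The key is a constructed toy key built from two Mersenne primes so that it needs no key generator, and the PSS variant whose salt length the comments discuss is not implemented here.

```python
import hashlib

# Constructed toy key: two Mersenne primes, so the modulus is trivially
# factorable and must never be used for real. It only has to be large enough
# to hold a PKCS#1 v1.5 block; real code takes the key from the certificate.
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # octet length of the modulus

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message, k):
    # EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo(H), exactly k bytes.
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(message, priv=(N, D)):
    # Signing: private-exponent exponentiation of the padded block.
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def verify(message, sig, pub=(N, E)):
    # Verification is modular exponentiation with the public exponent followed
    # by a strict comparison of the whole padded block: there is no plaintext
    # to "decrypt" and read out, and checking only the trailing hash bytes
    # instead of the full block is a well-known forgery pitfall.
    n, e = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v15(message, k)
```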