Unable to verify the Signed Hash in C++ from VB.Net

1

My requirement is to verify the signed hash in my C++ application which was earlier signed in VB.Net!

I'll briefly explain what I did to achieve it. First of all I created a Private/Public Key Pair with CspParameters.KeyNumber value = "Signature" and exported its CspBlob to a file "KeyPair.txt" for using the Public Key in my C++ program.

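    Dim testData As String = "Hello World"
    ' Assumption: the UTF-8 bytes of the string are what gets hashed
    Dim Hash() As Byte = HashAlgorithm.Create("SHA1").ComputeHash(Encoding.UTF8.GetBytes(testData))
    ' Sign the SHA-1 digest, then reverse the signature bytes
    Hash = RSA.SignHash(Hash, CryptoConfig.MapNameToOID("SHA1"))
    Array.Reverse(Hash)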

and saved the Signed Hash in a File "Signature.txt" in reverse order for VB.Net to Native CAPI compatibility (Big Endian to Little Endian).

2.) On the other end (C++ program) ...

Firstly, I computed the SHA1 of testData "Hello World" and then used the code below for verifying the signature.

    // SHA1, ReadFile and GetFileLen are the poster's own helper functions
    BYTE* Message_Digest_SHA1 = SHA1("Hello World");
    BYTE* pbBlob = ReadFile("KeyPair.txt");
    int pbBlobLen = GetFileLen("KeyPair.txt");
    BYTE* pbSignature = ReadFile("Signature.txt");
    int pbSignatureLen = GetFileLen("Signature.txt");

    HCRYPTPROV hProv = 0;   // provider handle
    HCRYPTKEY hPubKey = 0;  // imported key handle

    if (!CryptAcquireContext(&hProv, NULL, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
    {
        // Error checking omitted!
    }

    // Import the key blob exported from VB.Net
    if (pbBlob) {
        if (!CryptImportKey(hProv, pbBlob, pbBlobLen, 0, 0, &hPubKey))
            return FALSE;
    }

    HCRYPTHASH hHash;
    if (CryptCreateHash(
            hProv,
            CALG_SHA1,
            0,
            0,
            &hHash))
    {
        printf("The hash object has been recreated. \n");
    }
    else
    {
        // Error
    }

    // Feed the 20-byte digest computed above into the hash object
    if (CryptHashData(
            hHash,
            Message_Digest_SHA1,
            20, // length of message digest
            0))
    {
        printf("The new hash has been created.\n");
    }
    else
    {
        // Error
    }

    if (CryptVerifySignature(
            hHash,
            pbSignature,
            pbSignatureLen,
            hPubKey,
            NULL,
            0))
    {
        printf("The signature has been verified.\n");
    }
    else
    {
        DWORD error = GetLastError(); // 2148073478, in hex 0x80090006 NTE_BAD_SIGNATURE
        printf("Signature not validated!\n");
    }

    if (hHash)
        CryptDestroyHash(hHash);

But CryptVerifySignature fails with NTE_BAD_SIGNATURE! Can you please look into my code and point out my mistake?

Thank you.

c#
c++
winapi
encryption
hash
asked on Stack Overflow Jan 16, 2014 by Windows Programmer • edited Jan 16, 2014 by Windows Programmer

1 Answer

1

You seem to hash twice. Once in

    BYTE* Message_Digest_SHA1 = SHA1("Hello World");

then again in

    CryptHashData(hHash, Message_Digest_SHA1, 20, 0)

I suspect you need to hash only once. I would recommend removing the first one as the signature method expects a reference to a hash object. Supply the correct binary encoding of "Hello World" as data instead.

answered on Stack Overflow Jan 16, 2014 by Maarten Bodewes
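
The double hashing described in the answer, reproduced as an added example that is not part of the original post or answer. It is written in Python so it runs without CryptoAPI; the RSA key is a constructed toy key built from two Mersenne primes, and `sign_hash` and `capi_style_verify` are hypothetical stand-ins for `RSA.SignHash` and for `CryptHashData` followed by `CryptVerifySignature`.

```python
import hashlib

# Constructed toy RSA key for this demo only: two Mersenne primes (not secure).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefix for SHA-1 (PKCS#1 v1.5, RFC 8017 section 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15(digest: bytes) -> int:
    """Pad a 20-byte SHA-1 digest into the integer that RSA signs."""
    t = SHA1_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign_hash(digest: bytes) -> bytes:
    """Stand-in for RSA.SignHash: takes a digest, returns a big-endian signature."""
    return pow(emsa_pkcs1_v15(digest), D, N).to_bytes(K, "big")


def capi_style_verify(data: bytes, sig_le: bytes) -> bool:
    """Stand-in for CryptHashData + CryptVerifySignature.

    The hash object hashes whatever bytes it is handed, and the signature
    is read in little-endian byte order.
    """
    digest = hashlib.sha1(data).digest()  # what the hash object ends up holding
    s = int.from_bytes(sig_le, "little")
    return s < N and pow(s, E, N) == emsa_pkcs1_v15(digest)


def demo() -> dict:
    message = b"Hello World"  # constructed sample input
    digest = hashlib.sha1(message).digest()
    sig_be = sign_hash(digest)  # signer side: signs SHA1(message)
    sig_le = sig_be[::-1]       # Array.Reverse before saving the file
    return {
        "raw message": capi_style_verify(message, sig_le),
        "pre-hashed digest": capi_style_verify(digest, sig_le),
        "signature not reversed": capi_style_verify(message, sig_be),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verified' if ok else 'bad signature'}")
```

Only the first case verifies: handing the verifier the digest makes it check the signature against SHA1(SHA1(message)), which is the mismatch the answer points at.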

User contributions licensed under CC BY-SA 3.0