Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. 3rd Party Software
  4. QCA verify sign
Forum Updated to NodeBB v4.3 + New Features

QCA verify sign

Scheduled Pinned Locked Moved 3rd Party Software
3 Posts 2 Posters 3.2k Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H Offline
    H Offline
    Hostel
    wrote on last edited by
    #1

    I use a openssl to sign file and verify. How can I do this by QCA?
    OpenSSL sign:
    @
    echo 'data to sign' > data.txt
    openssl dgst -sha256 < data.txt > hash

    // sign
    openssl rsautl -sign -inkey private.pem -keyform PEM -in hash > signature
    @

    OpenSSL verify:
    @
    openssl rsautl -verify -inkey public.pem -keyform PEM -pubin -in signature > verified
    diff -s verified hash
    @

    I can't verify by QCA. Can anybody help me?

    1 Reply Last reply
    0
    • E Offline
      E Offline
      edhana
      wrote on last edited by
      #2

      Do you found how to verify signed files with QCA using the public key/certificate? I'm looking for the same answer.

      1 Reply Last reply
      0
      • E Offline
        E Offline
        edhana
        wrote on last edited by
        #3

        My way to answer this question:

        Load the public key
        @

        QCA::ConvertResult conv_res;
        QCA::PublicKey pub_key = QCA::PublicKey::fromPEMFile("public.pem", &conv_res);
        if(conv_res != QCA::ConvertGood){
        qDebug() << "Public key could not be loaded";
        return;
        }
        @

        Loading the signature file:
        @
        QFile sig_file("signature");
        sig_file.open(QFile::ReadOnly);
        QByteArray sig_text = sig_file.readAll();
        sig_file.close();
        @

        Finally verifying the signature
        @
        // sec_data is a plain data QCA::SecureArray object that was previosly decrypted using the private key counterpart of the public key being used here
        if(!pub_key.canVerify()){
        qDebug() << "Bad public key";
        return;
        }else{
        pub_key.startVerify(QCA::EMSA3_SHA1);
        pub_key.update(sec_data.data());
        if(pub_key.validSignature(sig_text)){
        qDebug() << "Signature verification suceedded";
        }else{
        qDebug() << "Signature verification failed";
        }

                // To make the verification in one step:
                if(pub_key.verifyMessage( sec_data.data(), sig_text, QCA::EMSA3_SHA1)){
                    Log::write(Log::Levels::Success, "One step signature validation succeeded");
                }
            }
        

        @

        BTW, I used the following command to generate the signed digest of my data.txt file(using Ubuntu Linux):

        openssl dgst -verify public.pem -signature signature data.txt

        1 Reply Last reply
        0

        • Login

        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Users
        • Groups
        • Search
        • Get Qt Extensions
        • Unsolved