Request for an API to verify signatures #16
Comments
|
cc @mpcomplete |
|
@mpcomplete @sethladd Can one of you provide a link to the specification for the signature-verification algorithm you're referring to? |
nex3
added
the
contributions-welcome
|
I defer to @mpcomplete |
|
I can't find a spec, but it's part of the X509 signature block. I want to be able to verify a X509 SubjectPublicKeyInfo block using the sha256WithRSAEncryption algorithm. In other words, given a signature, key, and file generated on the command line like so: echo "Verified text." > file.txt I want to be able to do the equivalent to: openssl dgst -sha256 -verify publickey.pem -signature signature.sign file.txt ; # should verify OK This might just be a matter of exposing the appropriate openssl methods to dart. Something with the functionality of Chrome's SignatureVerifier would work: https://code.google.com/p/chromium/codesearch#chromium/src/crypto/signature_verifier_openssl.cc&sq=package:chromium&type=cs . |
|
It looks like
Unfortunately, there's not a good way to get access to native code in Dart, at least from a package. Unless we want to put this into the core libraries somehow, someone will need to port the algorithm to Dart. |
|
Actually, Julien Tinnes recommended against using RSA for signing purposes. Instead, he recommends "SHA256 + ECDSA on P-256". Equivalent openssl commands: echo "Verified text." > file.txt openssl dgst -sha256 -sign privatekey.pem -binary -out signature.sign file.txt openssl dgst -sha256 -verify publickey.pem -signature signature.sign file.txt |
A customer asked for "anything to help me check a payload against an RSA public key signature? (I think I want to use the sha256WithRSAEncryption algo)." and "I only need the functionality of Chrome's SignatureVerifier class[1], which uses openssl's EVP_PKEY_* and EVP_DigestVerify* and friends."
The text was updated successfully, but these errors were encountered: