[Nfd-dev] ndn-cxx raw signing and verification

Junxiao Shi shijunxiao at email.arizona.edu
Mon Dec 18 17:27:22 PST 2017

Dear folks

I'm trying to understand the inner workings of ndn-cxx's signature format,
in order to use it on one of my toys.
OS is Ubuntu 16.04. ndn-cxx repository is at commit

I have the following code snippet:
// g++ -std=c++11 -o x x.cpp $(pkg-config --cflags --libs libndn-cxx)

#include <iostream>
#include <ndn-cxx/security/v2/key-chain.hpp>
#include <ndn-cxx/security/verification-helpers.hpp>

int main() {
  uint8_t input[12];
  memcpy(input, "hello world.", sizeof(input));

  ndn::KeyChain keyChain;
  auto sig = keyChain.sign(input, sizeof(input));

  auto pubkey =
  bool res = ndn::security::verifySignature(input, sizeof(input),
sig.wire(), sig.size(), pubkey.data(), pubkey.size());
  std::cout << res;
This code snippet uses the default key to sign a message "hello world.",
and then verify the signature using the same key.

I started with a clean $HOME/.ndn directory, and I have a single EC key as
the default.
$ ndnsec list -c
* /ec
  +->* /ec/KEY/%8E%24y%D3CX9%D1
       +->* /ec/KEY/%8E%24y%D3CX9%D1/self/%FD%00%00%01%60d%EBV%BC

I expect the code snippet to print "1" indicating the signature is correct.
However, it printed "0" indicating the signature is bad.
I traced into ndn::security::verifySignature functions. The public key was
successfully loaded from PKCS8 format, but the transforms concluded that
the signature is wrong.
I also independently verified that the signature bits are correct, using a
different ECDSA implementation (namely, micro-ecc).

Can anyone help with this?

Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20171218/521c38e2/attachment.html>

More information about the Nfd-dev mailing list