[Nfd-dev] ndn-cxx raw signing and verification
Junxiao Shi
shijunxiao at email.arizona.edu
Mon Dec 18 17:27:22 PST 2017
Dear folks
I'm trying to understand the inner workings of ndn-cxx's signature format,
in order to use it on one of my toys.
OS is Ubuntu 16.04. ndn-cxx repository is at commit
7f01247b5bc75d9416e22828b72976abd57f16a9.
I have the following code snippet:
// g++ -std=c++11 -o x x.cpp $(pkg-config --cflags --libs libndn-cxx)
#include <iostream>
#include <ndn-cxx/security/v2/key-chain.hpp>
#include <ndn-cxx/security/verification-helpers.hpp>
int main() {
uint8_t input[12];
memcpy(input, "hello world.", sizeof(input));
ndn::KeyChain keyChain;
auto sig = keyChain.sign(input, sizeof(input));
sig.encode();
auto pubkey =
keyChain.getPib().getDefaultIdentity().getDefaultKey().getPublicKey();
bool res = ndn::security::verifySignature(input, sizeof(input),
sig.wire(), sig.size(), pubkey.data(), pubkey.size());
std::cout << res;
}
This code snippet uses the default key to sign a message "hello world.",
and then verify the signature using the same key.
I started with a clean $HOME/.ndn directory, and I have a single EC key as
the default.
$ ndnsec list -c
* /ec
+->* /ec/KEY/%8E%24y%D3CX9%D1
+->* /ec/KEY/%8E%24y%D3CX9%D1/self/%FD%00%00%01%60d%EBV%BC
I expect the code snippet to print "1" indicating the signature is correct.
However, it printed "0" indicating the signature is bad.
I traced into ndn::security::verifySignature functions. The public key was
successfully loaded from PKCS8 format, but the transforms concluded that
the signature is wrong.
I also independently verified that the signature bits are correct, using a
different ECDSA implementation (namely, micro-ecc).
Can anyone help with this?
Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20171218/521c38e2/attachment.html>
More information about the Nfd-dev
mailing list