Angus Robertson 558 Posted 14 hours ago In this function. ICS does not use PAnsiChar as a null terminated string, it passes the actual TBytes length to the OpenSSL API, since the hash or digest is binary data. It would seem the old digest is being corrupted before verification. Angus Share this post Link to post
ap2021 0 Posted 14 hours ago Irrespective of that, even if all the right data is sent to OpenSSL's EVP_DigestVerify function, unlike Windows, in Linux it fails - returns 0 and those messages... Share this post Link to post
Angus Robertson 558 Posted 13 hours ago So you are saying you've saved a TBytes digest created by IcsAsymSignDigestTB and used it with IcsAsymVerifyDigestTB without any string, encoding or base64 conversions, and it fails? Specifically,as in the function doTestSignClick in the JoseTst sample which displays the digest in hex and base64? I will convert that sample to FMX, as I said earlier, but it is not a priority. Angus Share this post Link to post
Angus Robertson 558 Posted 10 hours ago One other thing you could check before verify is the length of the digest. It varies depending on your private key type and signing hash, but is generally the length of the key, so an RSA 2048 SHA256 digest will be 256 bytes long, binary. The JoseTst sample reports the hash length for all combinations of keys and hashes. This could be a simple check for the digest not being corrupted at some point. I might do some investigation to see if I can reliably add such a check to verify. Angus Share this post Link to post