Archived Forum Post

Index of archived forum posts

Question:

Verify SHA1withDSA signatures

Apr 28 '16 at 13:22

Can the library verify SHA1withDSA signatures with objective-C on iOS?

Answer

Yes, it can be done with the CkoDsa class: http://www.chilkatsoft.com/refdoc/objcCkoDsaRef.html

I'm sorry there is no example yet. A program would do the following to verify a signature:

  1. Instantiate an instance of the CkoDsa class.
  2. Load a DSA public key via one of the methods: FromPublicDer, FromPublicDerFile, FromPublicPem, etc.
  3. Set the Signature property to the bytes of the signature, or alternatively, call SetEncodedSignature to set via an encoded string, such as base64.
  4. Set the Hash property to the SHA1 hash bytes of the data that was signed, or alternatively call SetEncodedHash. (The SHA1 hash can be computed using Chilkat Crypt2 or by any other means)
  5. Call the CkoDsa.Verify method to verify the signature.

Answer

Here's an example that creates a signature and verifies it: http://www.example-code.com/objc/dsa_sign_verify.asp

Answer

Thanks a lot for the quick reply and the example.

I'm not able to load the DSA public key with LoadText: and FromPublicPem:

The result from LoadText: with my .pem file is:

-----BEGIN CERTIFICATE-----
MIIC/DCCArqgAwIBAgIEXVhIpjALBgcqhkjOOAQDBQAwTzELMAkGA1UEBhMCREUx
GDAWBgNVBAoTD1BldGVycyBTb2Z0d2FyZTESMBAGA1UECxMJbGljZW5zaW5nMRIw
EAYDVQQDEwltYXN0ZXJrZXkwIBcNMTUwODAzMDg0NDA5WhgPMjI4OTA1MTcwODQ0
MDlaME8xCzAJBgNVBAYTAkRFMRgwFgYDVQQKEw9QZXRlcnMgU29mdHdhcmUxEjAQ
BgNVBAsTCWxpY2Vuc2luZzESMBAGA1UEAxMJbWFzdGVya2V5MIIBtzCCASwGByqG
SM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1A
IlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63
xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUA
l2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC
+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o
4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1Ul
ZAFMO/7PSSoDgYQAAoGAOsWwJEkk/RhwDAO1A7FZGJ45oII/1W6Y+3aCTLsMY5ev
XXUQC8ePNso9qsIgDk5XJFt+hwYJXOcaqu233URwGRG2Ivfr7Bq1+vnCmPzcvZgA
87K3+WmKuTcDpwz1JxHzCN9rMrlTznYPDcY9B4WxGmjfxWX1Ghhh6wFxqGrmQc+j
ITAfMB0GA1UdDgQWBBSMxym50F/IDPk82Kf+Rtw2ddc9hjALBgcqhkjOOAQDBQAD
LwAwLAIUJr1iroSgxhUzU8hYK8377TvFslUCFAsSH4TuUrbKIXlzV5GZm3PDaGuC
-----END CERTIFICATE-----

But using this public key string with FromPublicPem: does not work. The LastErrorText is:

ChilkatLog:
  FromPublicPem:
    DllDate: Mar 12 2016
    ChilkatVersion: 9.5.0.56
    UnlockPrefix: Anything for 30-day trial.
    Architecture: Little Endian; 64-bit
    Language: IOS Objective-C
    VerboseLogging: 0
    loadPem:
      loadPem2:
        loadPem:
          itemType: CERTIFICATE
        --loadPem
      --loadPem2
    --loadPem
    Failed.
  --FromPublicPem
--ChilkatLog

Any idea why this doesn't work?

Answer

Ok, it seems that I can not extract a DSA public key from a pem certificate.

So I extracted the public key from the pem certificate using openssl and now it works fine.

Answer

You can load the cerificate PEM into a CkoCert object and then get the public key from it. Here's an example: http://www.example-code.com/objc/pubkey_from_cert.asp

Answer

Ok, this seems to work and I get a XML.

Instead of FromPublicPem: I have to use FromXml: to set the public key in CkoDsa, right?

But Verify fails when I use the XML public key.

ChilkatLog:
  Verify:
    DllDate: Mar 12 2016
    ChilkatVersion: 9.5.0.56
    UnlockPrefix: Anything for 30-day trial.
    Architecture: Little Endian; 64-bit
    Language: IOS Objective-C
    VerboseLogging: 0
    DSA signature is invalid.
    Failed.
  --Verify
--ChilkatLog