RSA verify

Hi, I'm looking for a way to check the sender of the message. JUCE does not have the classic SSL verify-signature features.

Is it right to use this method?


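    RSAKey private_key("");
    String initial = "Message";

    // Load the UTF-8 bytes of the message into a BigInteger.
    BigInteger bi;
    bi.loadFromMemoryBlock(MemoryBlock(initial.toRawUTF8(), initial.getNumBytesAsUTF8()));
    private_key.applyToValue(bi);   // sender side: apply the private key

    RSAKey public_key("");
    public_key.applyToValue(bi);    // receiver side: apply the public key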

If I see the message, does that mean the sender is checked?


You can have a look at https://github.com/julianstorer/JUCE/blob/f1ad44e2bfd49acd19800342e944aaec7a3c04dd/modules/juce_tracktion_marketplace/marketplace/juce_OnlineUnlockStatus.cpp

(decryptXML) - but that's not really verification, but decryption.

What you could do for verification is:

Alice: appends private key encrypted hash of message
Bob: "decrypts" hash with public key and compares the result with the hash he computed from the message.

Here's, in pseudo-code, what the algorithm might look like:

    hmac sign(private_key, message) // return the signature
    {
      hash = sha256(message);
      signature = private_key.encrypt(hash);
      return signature;
    }

    bool verify(public_key, message, hmac)
    {
      my_hash = sha256(message);
      their_hash = public_key.decrypt(hmac);
      return my_hash == their_hash;
    }

But instead of cooking up such algorithms on your own, I'd recommend using a library - crypto is just too easy to get wrong.

I had great success with libsodium (https://download.libsodium.org/doc/public-key_cryptography/public-key_signatures.html)
It should be straightforward to create a JUCE module out of it.

Best,
Ben

 

1 Like
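
The sign/verify pseudo-code from the answer above, worked through as an added C++ example (not code from the thread, from JUCE or from libsodium). Assumptions: `ToyKeyPair`, `makeToyKey`, `toyHash`, `modPow` and `modInverse` are hypothetical names, the primes are constructed toy values, and a polynomial hash stands in for SHA-256 so the block needs no library; it shows the flow only.

```cpp
// Added illustration, not code from the thread: hash-then-sign with textbook RSA.
// The primes and the hash are constructed toy values that only show the flow.
#include <cstdint>
#include <string>
using u64 = std::uint64_t;
using i64 = std::int64_t;
struct ToyKeyPair { u64 n, e, d; };  // hypothetical: modulus, public exp, private exp

// Square-and-multiply; operands stay below 2^32, so products fit in 64 bits.
u64 modPow(u64 base, u64 exp, u64 mod) {
    u64 result = 1;
    for (base %= mod; exp > 0; exp >>= 1) {
        if (exp & 1) result = result * base % mod;
        base = base * base % mod;
    }
    return result;
}

// d = e^-1 mod phi, by the extended Euclidean algorithm.
u64 modInverse(u64 e, u64 phi) {
    i64 r0 = static_cast<i64>(phi), r1 = static_cast<i64>(e), t0 = 0, t1 = 1;
    while (r1 != 0) {
        const i64 q = r0 / r1, r = r0 - q * r1, t = t0 - q * t1;
        r0 = r1; r1 = r; t0 = t1; t1 = t;
    }
    return static_cast<u64>(t0 < 0 ? t0 + static_cast<i64>(phi) : t0);
}

ToyKeyPair makeToyKey() {
    const u64 p = 65521, q = 65537, e = 17;  // constructed, far too small for real use
    return { p * q, e, modInverse(e, (p - 1) * (q - 1)) };
}

// Stand-in for sha256(message): polynomial hash reduced into [0, n).
u64 toyHash(const std::string& message, u64 n) {
    u64 h = 0;
    for (unsigned char c : message) h = (h * 31 + c) % n;
    return h;
}

// Alice: apply the private exponent to the hash of the message.
u64 sign(const ToyKeyPair& key, const std::string& message) {
    return modPow(toyHash(message, key.n), key.d, key.n);
}

// Bob holds only (n, e): reject out-of-range values, then compare hashes.
bool verify(u64 n, u64 e, const std::string& message, u64 signature) {
    return signature < n && modPow(signature, e, n) == toyHash(message, n);
}
```

Bob needs only `n` and `e`; a signature made for "Message" fails for any other message or for an altered signature value.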

Thanks for the hint, now everything is clear