RSA verify


#1

Hi, I'm looking for a way to check the sender of the message. the Juce does not have the classic features ssl Verify signature.

Is it right to use this method?


    RSAKey private_key("");
    String initial = "Message";
    bi.loadFromMemoryBlock(MemoryBlock(initial.getCharPointer(), initial.length()));
    private_key.applyToValue(bi);

 

    RSAKey public_key("");
    public_key.applyToValue(bi);

if I see a message means to the sender to check?



#2

You can have a look at https://github.com/julianstorer/JUCE/blob/f1ad44e2bfd49acd19800342e944aaec7a3c04dd/modules/juce_tracktion_marketplace/marketplace/juce_OnlineUnlockStatus.cpp

(decryptXML) - but that's not really verification, but decryption.

What you could do for verification is:

Alice: appends private key encrypted hash of message
Bob: "decrypts" hash with public key and compares the result with the hash he computed from the message.

Here's in pseudo-code, what the alogithm might look like:

hmac sign(private_key, message) // return the signature
{
  hash = sha256(message);
  signature = private_key.encrypt(hash);
  return signature;  
}

bool verify(public_key, message, hmac)
{
  my_hash = sha256(message);
  their_hash = public_key.decrypt(hmac);
  return my_hash == their_hash; 
}

But instead of cooking up such algorithms on your own, I'd recomend to use a library - crypto is just to easy to get wrong.

I had great success with libsodium (https://download.libsodium.org/doc/public-key_cryptography/public-key_signatures.html)
It should be straight forward to create a juce module out of it.

Best,
Ben

 


#3

Thanks for the hint, now everything is clear