MultiPrime
238 RSA BSAFE Crypto-C Developer’s Guide
Note: If the algorithm object was not set to AI_MD5WithRSAEncryption,
AI_MD2WithRSAEncryption, AI_SHA1WithRSAEncryption, or their BER
counterparts, you cannot use
B_VerifyInit.
Step 4: Update
Use B_VerifyUpdate to digest the data that was signed. Its prototype is in Chapter 4 of
the Reference Manual. Unless there is an extraordinarily large amount of data (for
example, a megabyte),
B_VerifyUpdate is quick and a NULL_PTR for the surrender
context should be no problem. Assuming that you have the same input data and you
know its length, your call is the following:
Step 5: Final
B_VerifyUpdate digested the data. Decrypt the signature and compare the result to
the digest with
B_VerifyFinal. The Reference Manual Chapter 2 entry on
AI_SHA1WithRSAEncryption states that “You may pass (B_ALGORITHM_OBJ)NULL_PTR
for all
randomAlgorithm
arguments.” This function does not return immediately, so use
a surrender context:
The return value will be 0 if the signature verifies, nonzero if it does not. Of course, a
nonzero return value may indicate some other error, so check any error return against
the Crypto-C Error Types, in Appendix A of the Reference Manual.
if ((status = B_VerifyUpdate
(digitalVerifier, inputData, inputDataLen,
(A_SURRENDER_CTX *)NULL_PTR)) != 0)
break;
/* generalFlag is for the surrender function. */
generalFlag = 0;
if ((status = B_VerifyFinal
(digitalVerifier, signature, signatureLen,
(B_ALGORITHM_OBJ)NULL_PTR,
&generalSurrenderContext)) != 0)
break;
