Performing DSA Operations

Step 2: Setting The Algorithm Object

To verify the signature created here, use the same AI:

    if ((status = B_SetAlgorithmInfo
           (dsaVerifier, AI_DSAWithSHA1, NULL_PTR)) != 0)
      break;

Step 3: Init

Associate a key and algorithm method with the algorithm object through B_VerifyInit. The Chapter 4 Reference Manual entry on this function shows that it takes four arguments: the algorithm object, a key object, an algorithm chooser, and a surrender context. The algorithm object in this example is dsaVerifier. For a key object, you want to use a DSA public key, presumably the partner to the DSA private key used to sign. Build an algorithm chooser; the elements are the AMs listed in the Reference Manual Chapter 2 entry for the AI in use. B_VerifyInit is fast, so it is reasonable to pass a properly cast NULL_PTR for the surrender context:

    B_ALGORITHM_METHOD *DSA_VERIFY_CHOOSER[] = {
      &AM_SHA1,
      &AM_DSA_VERIFY,
      (B_ALGORITHM_METHOD *)NULL_PTR
    };

    if ((status = B_VerifyInit
           (dsaVerifier, dsaPublicKey, DSA_VERIFY_CHOOSER,
            (A_SURRENDER_CTX *)NULL_PTR)) != 0)
      break;

Step 4: Update

Digest the data that was signed with B_VerifyUpdate; the prototype of this is in Chapter 4 of the Reference Manual. Unless there is an extraordinarily large amount of data (for example, a megabyte or more), this function is quick and a NULL_PTR for the surrender context will probably be no problem. Assuming you have the same input

Chapter 7 Public-Key Operations

RSA Security 5.2.2 manual
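What the B_VerifyInit and B_VerifyUpdate phases described above amount to underneath, shown as an added Python sketch that is not RSA's code and not part of the manual: Init binds the public key and starts SHA-1, Update only feeds the digest, and the DSA equation is evaluated once at the final check. The class, the function names, the toy domain parameters and the sample key and message are all constructed for illustration.

```python
import hashlib
from math import isqrt

# Constructed toy domain parameters, far too small for real use.
Q = 2**31 - 1                       # subgroup order (a Mersenne prime)

def _is_prime(n):
    return n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))

P = next(k * Q + 1 for k in range(2, 10**4, 2) if _is_prime(k * Q + 1))
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 100)) if g != 1)

def _z(digest):
    # FIPS 186 truncation: keep the leftmost bit_length(Q) bits of the hash.
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - Q.bit_length())

class DsaSha1Verifier:
    """Hypothetical class mirroring the Init / Update / final-check phases."""
    def __init__(self, y):          # Init: bind the public key, start SHA-1
        self.y, self.h = y, hashlib.sha1()

    def update(self, chunk):        # Update: digest the signed data, any chunking
        self.h.update(chunk)

    def final(self, r, s):          # final check: the DSA verification equation
        if not (0 < r < Q and 0 < s < Q):
            return False            # out-of-range values rejected before any math
        w = pow(s, -1, Q)
        u1, u2 = _z(self.h.digest()) * w % Q, r * w % Q
        return pow(G, u1, P) * pow(self.y, u2, P) % P % Q == r

def toy_sign(x, k, data):
    # Only here to produce a sample signature; k is fixed for repeatability,
    # a real signer needs a fresh secret k for every signature.
    r = pow(G, k, P) % Q
    return r, pow(k, -1, Q) * (_z(hashlib.sha1(data).digest()) + x * r) % Q

def verify_chunks(y, chunks, sig):
    v = DsaSha1Verifier(y)
    for c in chunks:
        v.update(c)
    return v.final(*sig)

X = 123456789                       # constructed private key
Y = pow(G, X, P)                    # matching public key
SIG = toy_sign(X, 987654321, b"pay 100 to alice")
```

The range check in final() matters: without it, (r, s + Q) would verify as a second valid encoding of the same signature.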