Re: RSA sign with MD5 encryption (General questions)

by Erick Daniel, Friday, December 10, 2004, 01:01 (7087 days ago) @ wodSupport

1. How can I load the .cer file to let me verify the cipher text I just got? (The public key is in the certificate store).

This doesn't sound right. Where is the private key? In Windows certificate store? But then there must be the same certificate too.

Can you somehow get it in the PFX file? That one would hold private key too.

2. Should I digest and then sign the string? It will be a very big string (500 chars, more or less) and the other part (the people I will send the cipher text in Base64) shall be able to verify it with my certificate, supposedly under a standard. (I think its PKCS#1). While I am pretty confident that I should hash the strig and then send the hash to the Sign function, I just would like to know the answer (The call to Sign seems to fail if I send a string that big).

I suggest you do. Hash it with MD5 or SHA1, in which case you have only 16-20 bytes to sign. Make sure other side does the same hashing method on same data before they verify the signature.

Hope it helps.

I need to load the .cer in certain scenarios to do the verification only. In those cases, an access to the private key or the PKCS#12 file won't be possible. Any way to do it, or a workaround? Thats the last thing I need to accomplish to finish the sign/verification process. Thank you very much.