CryptoSys PKI Toolkit Simple RSA Signing

This is the second part in a series showing how to use the RSA_Raw functions to carry out simple RSA encryption and signing. The first part shows a simple example of using RSA for encryption.

We can also use the RSA_Raw functions to create a simple digital signature of a short text message. Normally we create a message digest of the message and sign the digest. If the message is short enough to fit in a single block, we can sign it directly.

[Version 2.6 update: you can do this much easier using the new RSA_EncodeMsg function. See RSA Techniques.]

This example shows how to sign and verify a short text message. We use a simplified version of the encoding recommended in PKCS#1, and the short 512-bit key pair we generated for the encryption example. You should generate your own keys, use a better password than we have, and rewrite the first part of the code so that the user enters the password rather than hard-coding the secret key data as we have done. A 512-bit key keeps the example small; it is far too short for real use.

Add this Visual Basic module to the project you have already created for the encryption example. If you want to get the same results as we did, use the BIN files we created earlier. The padding here is fixed, so, unlike the encryption example, you should get exactly the same result as we did. If you have generated another set of keys, you won't.

The function TestSign() shows the two parts of the process. The first part takes the data we want to sign and creates a block of exactly the key length, with padding bytes in front of the data. (For the technically minded: PKCS#1 wraps a message digest in a `DigestInfo' structure and pads that; we just use the data directly.) This block is then `encrypted' with the private key, which should be in the possession of the signer only.

The block is made as follows:-

|<-------------------(64 bytes)----------------->|
+--+--+---------+--+-----------------------------+
|00|01|FFFF...FF|00|      DATA TO SIGN           |
+--+--+---------+--+-----------------------------+

It is critical that the block is exactly the same length as the key (in this case 64 bytes) or an error will occur. The leading 00 byte also guarantees that the block, read as a number, is smaller than the modulus. PKCS#1 requires at least eight FF padding bytes, so the data itself may be at most 64 - 11 = 53 bytes for this key.

The result, encoded in hexadecimal, is "4DACB2F0...". Send this to the authenticating party along with the original text you signed.

The authenticating party uses the public key to `decrypt' the block and checks that the result matches the original text. The safest check is to rebuild the whole expected block (00 01 FF...FF 00 DATA) from the received text and compare it byte for byte with the decrypted block, rather than parsing the padding out of the decrypted block. If they match, the data has been authenticated; if the signature is the wrong length or the bytes differ anywhere, reject it.
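The whole procedure (build the padded block, `encrypt' it with the private key, `decrypt' and compare with the public key) as an added stand-alone example. This is not the CryptoSys PKI Toolkit's code or the Visual Basic module above: the RSA_Raw calls are replaced by Python's built-in modular exponentiation, and a demo 512-bit key pair is generated in-process from a fixed seed instead of being read from the BIN files, so the hexadecimal signature it prints will differ from "4DACB2F0...". The message text is a constructed sample.

```python
"""Raw RSA signing with the simplified PKCS#1 block 00 01 FF..FF 00 DATA.
Added example, not the CryptoSys PKI Toolkit's code: RSA_Raw is replaced by
pow(), and the demo key pair is generated here rather than loaded from files.
"""
import hmac
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test; rng supplies the witnesses."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    while True:
        # Top two bits set so the product of two such primes is full length.
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, seed=None):
    """Return ((n, e), (n, d)). A seed gives a reproducible DEMO key only;
    real keys must come from a CSPRNG or the toolkit's key generator."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def key_bytes(n):
    return (n.bit_length() + 7) // 8


def encode_block(data, k):
    """Build the k-byte block 00 01 FF..FF 00 DATA. PKCS#1 requires at least
    eight FF bytes, so DATA may be at most k - 11 bytes (53 for k = 64)."""
    if len(data) > k - 11:
        raise ValueError("data too long: max %d bytes for a %d-byte key" % (k - 11, k))
    return b"\x00\x01" + b"\xff" * (k - 3 - len(data)) + b"\x00" + data


def sign(priv, data):
    """'Encrypt' the padded block with the private exponent; output is k bytes."""
    n, d = priv
    k = key_bytes(n)
    block = encode_block(data, k)
    assert len(block) == k  # exactly the key length, as the text requires
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(k, "big")


def verify(pub, data, sig):
    """'Decrypt' with the public exponent and compare with the block expected
    for `data`. Re-encoding and comparing the whole block, rather than parsing
    the padding out of the recovered block, avoids padding-parsing mistakes and
    keeps the comparison constant-time."""
    n, e = pub
    k = key_bytes(n)
    if len(sig) != k:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    try:
        expected = encode_block(data, k)
    except ValueError:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    pub, priv = generate_keypair(512, seed=1)  # demo key from a fixed seed
    msg = b"Hello world"                       # constructed sample text
    sig = sign(priv, msg)
    print("signature:", sig.hex().upper())
    print("verifies:", verify(pub, msg, sig))
    print("tampered text verifies:", verify(pub, b"Hello worlD", sig))
```

The verifier never looks for the 00 01 / FF / 00 markers inside the decrypted block; it rebuilds the block it expects from the received text and compares all 64 bytes, so a signature that is the wrong length, too large for the modulus, or correct for any other text is rejected. To sign a longer message, pass a digest of it (for example SHA-256, 32 bytes) as `data` instead of the text itself, which is the approach the text calls normal.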

Data files

This page last updated: 27 August 2006


Copyright © 2004-6 D.I. Management Services Pty Limited ABN 78 083 210 584, Sydney, Australia. All rights reserved.
<www.di-mgt.com.au>   <www.cryptosys.net>