Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gcrypt
behavior of gcrypt depending on input data: "conflicting use"
christof.schulze at gmx
Jan 19, 2009, 11:59 AM
Post #1 of 3 (1893 views)
Permalink
Hello everyone,

currentrly I am writing a program to sign a given data string using a
secret key and verifying it using a public key.
I followed the documentation and did things like in the tests from
libgcrypt.
Yet Some strings (like "Hello World!") can be signed and verified ok
while other strings (like "Objekt1") lead to errors like "invalid
object" or "conflicting use"
I cannot make anything out of these error codes so I am turning to this
mailinglist. Also google did not turn up anything.

I am guessing that sometimes gcry_mpi_scan (in
make_sign_parameters) returns something and sometimes it does not but I
am only guessing because nscanned sometimes - even when the string is
signed successfully - is 0.
I am at a loss and I would greatly appreciate some input on this matter.

I am using this code:
testlog.c http://pastebin.com/f6051a825
logging.c: http://pastebin.com/f4bf4f55f
logging.h: http://pastebin.com/f5e601a0f

kind Regards

Christof Schulze
--

Attached Files:

Re: behavior of gcrypt depending on input data: "conflicting use" [ In reply to ]
wk at gnupg
Jan 20, 2009, 12:38 AM
Post #2 of 3 (1767 views)
Permalink
Hi,

Instead of:

error = gcry_mpi_scan (&mpival, GCRYMPI_FMT_USG,
digest, hash_len, &nscanned );
assert ( error == 0 );
printf ( "nscanned: %lu\n", nscanned );

rc = gcry_sexp_build ( sign_parms, &errof,
"(data (flags pkcs1) (hash %s %m))",
HASH_NAME, mpival );
assert ( rc == 0 );
gcry_mpi_release ( mpival );

you should better do:

rc = gcry_sexp_build (sign_parms, NULL,
"(data (flags pkcs1)(hash %s %b))",
HASH_NAME, (int)hash_len, digest);


I have not looked at the actual problem with %m. If you want to figure
that out, you need to check the MPI and the resulting S-expression, for
example by inserting

gcry_mpi_dump (mpival); putc (.'\n', stderr);
gcry_sexp_dump (*sign_parms)



Shalom-Salam,

Werner



p.s. In general it is better to insert the actual code into the message
so that it is possible to answer even without an online connection.

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: behavior of gcrypt depending on input data: "conflicting use" [ In reply to ]
christof.schulze at gmx
Jan 28, 2009, 12:43 PM
Post #3 of 3 (1752 views)
Permalink
Hello Werner,

thank you very much, after replacing the line the code works.

Christof

Am Dienstag 20 Januar 2009 09:38:43 schrieb Werner Koch:
> Hi,
>
> Instead of:
>
> error = gcry_mpi_scan (&mpival, GCRYMPI_FMT_USG,
> digest, hash_len, &nscanned );
> assert ( error == 0 );
> printf ( "nscanned: %lu\n", nscanned );
>
> rc = gcry_sexp_build ( sign_parms, &errof,
> "(data (flags pkcs1) (hash %s %m))",
> HASH_NAME, mpival );
> assert ( rc == 0 );
> gcry_mpi_release ( mpival );
>
> you should better do:
>
> rc = gcry_sexp_build (sign_parms, NULL,
> "(data (flags pkcs1)(hash %s %b))",
> HASH_NAME, (int)hash_len, digest);
>
>
> I have not looked at the actual problem with %m. If you want to figure
> that out, you need to check the MPI and the resulting S-expression, for
> example by inserting
>
> gcry_mpi_dump (mpival); putc (.'\n', stderr);
> gcry_sexp_dump (*sign_parms)
>
>
>
> Shalom-Salam,
>
> Werner
>
>
>
> p.s. In general it is better to insert the actual code into the message
> so that it is possible to answer even without an online connection.

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal