Mailing List Archive: GnuPG: gcrypt

behavior of gcrypt depending on input data: "conflicting use"

Index | Next | Previous | View Threaded

christof.schulze at gmx

Jan 19, 2009, 11:59 AM

Post #1 of 3 (1535 views)
Permalink

behavior of gcrypt depending on input data: "conflicting use"

Hello everyone,

currentrly I am writing a program to sign a given data string using a
secret key and verifying it using a public key.
I followed the documentation and did things like in the tests from
libgcrypt.
Yet Some strings (like "Hello World!") can be signed and verified ok
while other strings (like "Objekt1") lead to errors like "invalid
object" or "conflicting use"
I cannot make anything out of these error codes so I am turning to this
mailinglist. Also google did not turn up anything.

I am guessing that sometimes gcry_mpi_scan (in
make_sign_parameters) returns something and sometimes it does not but I
am only guessing because nscanned sometimes - even when the string is
signed successfully - is 0.
I am at a loss and I would greatly appreciate some input on this matter.

I am using this code:
testlog.c http://pastebin.com/f6051a825
logging.c: http://pastebin.com/f4bf4f55f
logging.h: http://pastebin.com/f5e601a0f

kind Regards

Christof Schulze
--

Attachments:

signature.asc (0.19 KB)

wk at gnupg

Jan 20, 2009, 12:38 AM

Post #2 of 3 (1420 views)
Permalink

Re: behavior of gcrypt depending on input data: "conflicting use" [In reply to]

Hi,

Instead of:

error = gcry_mpi_scan (&mpival, GCRYMPI_FMT_USG,
digest, hash_len, &nscanned );
assert ( error == 0 );
printf ( "nscanned: %lu\n", nscanned );

rc = gcry_sexp_build ( sign_parms, &errof,
"(data (flags pkcs1) (hash %s %m))",
HASH_NAME, mpival );
assert ( rc == 0 );
gcry_mpi_release ( mpival );

you should better do:

rc = gcry_sexp_build (sign_parms, NULL,
"(data (flags pkcs1)(hash %s %b))",
HASH_NAME, (int)hash_len, digest);

I have not looked at the actual problem with %m. If you want to figure
that out, you need to check the MPI and the resulting S-expression, for
example by inserting

gcry_mpi_dump (mpival); putc (.'\n', stderr);
gcry_sexp_dump (*sign_parms)

Shalom-Salam,

Werner

p.s. In general it is better to insert the actual code into the message
so that it is possible to answer even without an online connection.

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

christof.schulze at gmx

Jan 28, 2009, 12:43 PM

Post #3 of 3 (1409 views)
Permalink

Re: behavior of gcrypt depending on input data: "conflicting use" [In reply to]

Hello Werner,

thank you very much, after replacing the line the code works.

Christof

Am Dienstag 20 Januar 2009 09:38:43 schrieb Werner Koch:
> Hi,
>
> Instead of:
>
> error = gcry_mpi_scan (&mpival, GCRYMPI_FMT_USG,
> digest, hash_len, &nscanned );
> assert ( error == 0 );
> printf ( "nscanned: %lu\n", nscanned );
>
> rc = gcry_sexp_build ( sign_parms, &errof,
> "(data (flags pkcs1) (hash %s %m))",
> HASH_NAME, mpival );
> assert ( rc == 0 );
> gcry_mpi_release ( mpival );
>
> you should better do:
>
> rc = gcry_sexp_build (sign_parms, NULL,
> "(data (flags pkcs1)(hash %s %b))",
> HASH_NAME, (int)hash_len, digest);
>
>
> I have not looked at the actual problem with %m. If you want to figure
> that out, you need to check the MPI and the resulting S-expression, for
> example by inserting
>
> gcry_mpi_dump (mpival); putc (.'\n', stderr);
> gcry_sexp_dump (*sign_parms)
>
>
>
> Shalom-Salam,
>
> Werner
>
>
>
> p.s. In general it is better to insert the actual code into the message
> so that it is possible to answer even without an online connection.

Attachments:

signature.asc (0.19 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads