According to their instruction site, the Signature field of the cookie is "The RSA encrypted MD5 digest of the rest of the cookie".
From the keyring, extract the public key of the user,
decrypt the encrypted part of the signature,
it should give you an MD5 hash of the rest of the signature.
Compute the MD5 sum and compare it to the decrypted value,
if it's a match it means that the proper user signed the message
(you can decrypt it with his public key)
and that the sig wasn't modified/forged
(the encrypted MD5 hash is the same as the one you compute)
"Trying to be a SMART lamer" (thanx to
Merlyn ;-)
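
The verification steps described in the post, as an added example that is not part of the original post or of the cookie system it refers to. The cookie layout (`field=value;...;Signature=<hex>`), the toy key and the use of unpadded RSA are assumptions made for illustration; the post does not state the padding scheme or the cookie format.

```python
import hashlib
import hmac

# Constructed toy key (two Mersenne primes) so the example runs offline.
# A real deployment loads the user's public key (N, E) from the keyring.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the signer only


def _digest(body: str) -> bytes:
    """MD5 digest of the cookie body (everything except the Signature field)."""
    return hashlib.md5(body.encode()).digest()


def sign_cookie(body: str) -> str:
    """Signer side: apply the private key to the MD5 digest of the body.
    Unpadded RSA is an assumption of this sketch."""
    sig = pow(int.from_bytes(_digest(body), "big"), D, N)
    return f"{body};Signature={sig:x}"


def verify_cookie(cookie: str) -> bool:
    """Verifier side: recover the digest with the public key and compare it
    with the digest computed locally over the rest of the cookie."""
    body, sep, sig_hex = cookie.rpartition(";Signature=")
    if not sep:
        return False  # no Signature field at all
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        return False  # Signature is not hex
    if not 0 < sig < N:
        return False  # out of range for this key
    size = (N.bit_length() + 7) // 8
    recovered = pow(sig, E, N).to_bytes(size, "big")
    expected = _digest(body).rjust(size, b"\0")
    # Constant-time comparison of the recovered and the computed digest.
    return hmac.compare_digest(recovered, expected)
```
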