Using Crypto++ to Verify Windows Hello public key


I am attempting to take a public key generated from Windows Hello and verify the signature with the CryptoPP library. One of the issues is that, according to the Windows Hello documentation, a dev does not have access to private keys, so I need to use the signature given to me from Windows Hello (RequestSignAsync()) as well as the public key. Is this possible?

I have created a WinRT version of a Windows Hello interface based on this C# sample: https://github.com/Microsoft/Windows-universal-samples/tree/main/Samples/MicrosoftPassport

I have my reasons for not wanting to use the server code that is provided in the example, so I am attempting to verify the signature with Crypto++.

Then sending the signature and public key to this CryptoPP setup:

   #include <string>
   #include <cryptopp/rsa.h>
   #include <cryptopp/sha.h>
   #include <cryptopp/base64.h>
   #include <cryptopp/filters.h>

   // pubkey: Base64 of the public key retrieved from Windows Hello
   // sig:    Base64 of the signature returned by RequestSignAsync()
   int VerifySignature(const std::string& pubkey, const std::string& sig)
   {
      CryptoPP::RSA::PublicKey keyPublic;

      // Load() parses a BER-encoded SubjectPublicKeyInfo from the decoded bytes
      keyPublic.Load(CryptoPP::StringSource(pubkey, true, new CryptoPP::Base64Decoder()).Ref() );

      // RSA PKCS#1 v1.5 with SHA-256, as the Windows Hello documentation specifies
      CryptoPP::RSASS<CryptoPP::PKCS1v15, CryptoPP::SHA256>::Verifier verifier(keyPublic);

      bool bSignatureVerified = false;
      std::string sigdata;

      // Base64-decode the signature
      CryptoPP::StringSource ss(sig,true,
              new CryptoPP::Base64Decoder(
                new CryptoPP::StringSink(sigdata)
              )); // Base64Decoder

      // Only the decoded signature is fed to the filter; with the default
      // PUT_RESULT flag it writes a single 0/1 byte into bSignatureVerified
      CryptoPP::StringSource ss2(sigdata, true,
                                 new CryptoPP::SignatureVerificationFilter(
                                   verifier,
                                   new CryptoPP::ArraySink((CryptoPP::byte*)&bSignatureVerified,
                                   sizeof(bSignatureVerified)
                                   )
                                 )
      );

      if(!bSignatureVerified)
      {
         return -2; //signed message not valid
      }
      else
      {
         return 0;
      }
   }

The public key and signature are being sent over from a Windows Hello interface. I am getting a failed verification here for some reason.

Here is the Windows Hello documentation: https://learn.microsoft.com/en-us/windows/uwp/security/microsoft-passport

Seems to match with my logic for Crypto++ (PKCS1v1.5, SHA256,ASN.1-encoded) but I must be missing something.


There is 1 answer

A. Beam On

It looks like I was not understanding that I needed to pass the signature AND the message.

This seemed to work:

   std::string sigdata, msgdata;   // decoded signature, decoded message

   CryptoPP::StringSource ss(sig,true,
           new CryptoPP::Base64Decoder(
             new CryptoPP::StringSink(sigdata)
           )); // Base64Decoder

   // The message that was signed (the server's challenge) must be supplied too
   CryptoPP::StringSource ssmsg(msg,true,
           new CryptoPP::Base64Decoder(
             new CryptoPP::StringSink(msgdata)
           )); // Base64Decoder

   // SignatureVerificationFilter expects signature followed by message
   // (SIGNATURE_AT_BEGIN is the default), hence the concatenation order;
   // verifier and bSignatureVerified are set up as in the question
   CryptoPP::StringSource ss2(sigdata+msgdata, true,
                              new CryptoPP::SignatureVerificationFilter(
                                verifier,
                                new CryptoPP::ArraySink((CryptoPP::byte*)&bSignatureVerified,
                                sizeof(bSignatureVerified)
                                )
                              )
   );