From Crypto++ Wiki
Jump to: navigation, search

SignerFilter is a generic interface that Crypto++ uses for creating signatures. SignerFilter is a PK_Signer-derived class used to create a digital signature on input data. The counterpart to a SignerFilter is a SignatureVerificationFilter.

The class reference for SignerFilter can be found at the SignerFilter Class Reference.


SignerFilter(RandomNumberGenerator &rng, const PK_Signer &signer,
    BufferedTransformation *attachment=NULL, bool putMessage=false)

rng is a cryptographically secure random number generator. Some signature schemes, such as the Digital Signature Algorithm, require a random, per message value. If the scheme in use does not require a random source, use the NullRng() declared in cryptlib.h. See the cryptlib.h File Reference.

signer is a PK_Signer-derived object. Each signature scheme supplies its own signer which implements the signing algorithm.

attachment is a BufferedTransformation-derived object. The BufferedTransformation allows objects to particpate in pipelining.

putMessage controls whether the message is placed in the attached BufferedTransormation (which is usually a Sink). If putMessage = false, the message is not part of the signature. When verification occurs, message+signature would be presented to the verifier (most likely a SignatureVerificationFilter). If putMessage = true, the signature is prepended to the message. In this case, only signature would be presented to the verifier since signature is actually a concatenation of the message and signature.

When using a signature scheme with recovery, such as PSSR, putMessage should be specified as true. If putMessage is left at its default value for a recovery scheme, the message will not be interleaved into the signature using its redundancy function. See, for example, Signature with recovery problem.

Sample Program

The following code loads a private key and then signs a message. The byte array representing the pair { message, signature } would be sent for verification. The party performing the verification must have the public key associated with the private key.

In the DSA example below, only the signature on the message will be placed in signature since putMessage = false.

// Generate or Load keys
DSA::PrivateKey privateKey = ...;

string message="Digital Signature", signature;

DSA::Signer signer(privateKey);
StringSource(message, true, 
    new SignerFilter(rng, signer,
        new StringSink(signature)
    ) // SignerFilter
); // StringSource

The example below is from RSA Signature Schemes. The sample demonstrates signing and recovery with putMessage = true. signature will include both the message and the signature.

// Generate or Load keys
RSA::PrivateKey privateKey = ...;
RSA::PublicKey publicKey = ...; 

// Setup
string message = "RSA-PSSR Test";
string signature, recovered;    

// Sign and Encode
RSASS<PSSR, SHA1>::Signer signer(privateKey);

StringSource(message, true, 
    new SignerFilter(rng, signer,
        new StringSink(signature),
        true // putMessage for recovery
   ) // SignerFilter
); // StringSource

// Verify and Recover
RSASS<PSSR, SHA1>::Verifier verifier(publicKey);

StringSource(signature, true,
    new SignatureVerificationFilter(
        new StringSink(recovered),
   ) // SignatureVerificationFilter
); // StringSource

// The SignatureVerificationFilter did not
// throw an exception. Use recovered as expected.
cout << "Verified signature on message" << endl;

Downloads Crypto++ DSA sample program - 5KB - Demonstrates RSA-SSA (Appendix) using SignerFilter - 5KB - Demonstrates RSA-PSSR (Recovery) using SignerFilter - 5KB