When I verify a signature using the ECDSA verifier in Crypto++, if the public key is incorrect the method just crashes the application. Should I try catch the exception? What is the best way to handle this?
Thanks!
... should I try catch the exception? What is the best way to handle this?
It depends on how you want to do it. I think there are three options.
The information below is from Elliptic Curve Digital Signature Algorithm and SignatureVerificationFilter on the Crypto++ wiki.
First, you can catch the SignatureVerificationFailed exception if you like:

    try
    {
        DSA::Verifier verifier(publicKey);
        // The flags and the exception type are nested in SignatureVerificationFilter
        StringSource ss2(message+signature, true,
            new SignatureVerificationFilter(
                verifier, NULL, SignatureVerificationFilter::THROW_EXCEPTION
                /* SIGNATURE_AT_END */
            )
        );
        std::cout << "Verified signature on message" << std::endl;
    }
    catch (const SignatureVerificationFilter::SignatureVerificationFailed& ex)
    {
        std::cerr << "Failed to verify signature on message" << std::endl;
    }

Second, you can get the result as a boolean value. Notice the lack of THROW_EXCEPTION:

    bool result = false;
    // PUT_RESULT writes the outcome into the attached ArraySink, i.e. into result
    StringSource ss(message+signature, true,
        new SignatureVerificationFilter(
            verifier,
            new ArraySink(
                (byte*)&result, sizeof(result)),
            SignatureVerificationFilter::PUT_RESULT | SignatureVerificationFilter::SIGNATURE_AT_END
        )
    );
    if(result)
        std::cout << "Verified signature on message" << std::endl;
    else
        std::cerr << "Failed to verify signature on message" << std::endl;

Third, you can forgo pipelines and just call VerifyMessage on the Verifier object:

    bool result = verifier.VerifyMessage(
        ConstBytePtr(message), BytePtrSize(message),
        ConstBytePtr(signature), BytePtrSize(signature));
    if(result)
        std::cout << "Verified signature on message" << std::endl;
    else
        std::cerr << "Failed to verify signature on message" << std::endl;