在 Crypto++ 中使用 ECDSA 的正确方法是什么

Question

When I verify a signature using ECDSA verifier in Crypto++, if the public key is incorrect the method just crash the application. Should I try catch the exception? What is the best way to handle this?

Thanks!

Answer 1

... should I try catch the exception? What is the best way to handle this?

It depends on how you want to do it. I think there are three options.

The information below is from Elliptic Curve Digital Signature Algorithm and SignatureVerificationFilter on the Crypto++ wiki.

First, you can catch the SignatureVerificationFailed exception if you like:

try
{
    DSA::Verifier verifier(publicKey);
    StringSource ss2(message+signature, true,
        new SignatureVerificationFilter(
            verifier, NULL, THROW_EXCEPTION
            /* SIGNATURE_AT_END */
       )
    );

    std::cout << "Verified signature on message" << std::endl;
}
catch (SignatureVerificationFailed& ex)
{
    std::cerr << "Failed to verify signature on message" << std::endl;
}

Second, you can get the result as a boolean value. Notice lack of THROW_EXCEPTION :

bool result = false;
StringSource ss(message+signature, true,
    new SignatureVerificationFilter(
        verifier,
        new ArraySink(
            (byte*)&result, sizeof(result)),
        PUT_RESULT | SIGNATURE_AT_END
   )
);

if(result)
    std::cout << "Verified signature on message" << std::endl;
else
    std::cerr << "Failed to verify signature on message" << std::endl;

Third, you can forgo pipelines and just call VerifyMessage on the Verifier object:

bool result = verifier.VerifyMessage(ConstBytePtr(message), BytePtrSize(message), ConstBytePtr(signature), BytePtrSize(signature));
if(result)
    std::cout << "Verified signature on message" << std::endl;
else
    std::cerr << "Failed to verify signature on message" << std::endl;