[openssl-users] Openssl api for signature verification using digest

Viktor Dukhovni openssl-users at dukhovni.org
Wed Aug 29 06:00:07 UTC 2018


> On Aug 29, 2018, at 1:05 AM, Linta Maria <lintamaria194 at gmail.com> wrote:
> 
> Still its not working.

The code is working correctly. The real problem is that the PEM
format 2048-bit RSA key you posted:

> ----BEGIN PUBLIC KEY-----
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
> FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
> bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
> yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
> lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
> 09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
> 5QIDAQAB
> -----END PUBLIC KEY-----

is NOT the key that was used to generate the below signature, or
the signature was subsequently altered.

> Signature={ 0x24,0xb8,0xec,0xb4,0x4f,0x31,0xa6,0x8,0x72,0x61,0xc9,0xd3,0x1c,0xd0,0x9b,0xee,0x26,0x2d,0x3d,0xef,0xff,0x2c,0x5,0x78,0x4,0xd3,0xa3,0xff,0xdc,0x97,0x53,0xe6,0x6e,0x85,0x41,0x1b,0xb2,0x2c,0xed,0xbd,0xa6,0x5d,0x6f,0xac,0xbb,0xd5,0xb8,0xa0,0x9,0x2b,0xf1,0xf5,0xb6,0xce,0xdd,0x70,0x8a,0x1a,0xa1,0x20,0x11,0x2b,0xf0,0x17,0x41,0x83,0x80,0xf6,0x61,0xd4,0x6d,0x53,0x8f,0xf1,0x8c,0x19,0x42,0x93,0x96,0xa9,0xb6,0xf2,0x8f,0x27,0x9c,0x66,0x17,0xc5,0xca,0x3d,0xa9,0x3f,0xc5,0x76,0x5f,0x1b,0x31,0xf2,0xd3,0xe,0x78,0x53,0x97,0xcb,0x9d,0xc4,0xe6,0x41,0x61,0x58,0x44,0x5c,0xf5,0xc4,0x67,0x69,0x8,0xa,0x92,0xd5,0x7e,0x9c,0xb9,0x7e,0x54,0x8b,0x8a,0xb,0xa1,0x9a,0x63,0xbf,0xcc,0xed,0x63,0x2c,0xf8,0x14,0x25,0x6,0xa2,0x2,0x0,0x7,0x2e,0x1c,0xc1,0xeb,0x16,0x89,0xaa,0x69,0xe2,0x75,0x57,0x39,0x71,0x68,0xe,0xf,0xa4,0x7a,0xc5,0x14,0x97,0x88,0x67,0xd1,0x36,0x91,0x3b,0x49,0xe7,0xb4,0xf3,0xcb,0xca,0xf6,0xe9,0xb1,0x22,0xe9,0x85,0x89,0xab,0x2,0x4,0x3c,0x2e,0xbd,0x56,0x3,0x8a,0x8b,0x54,0xc6,0xe6,0xed,0x5b,0x4c,0xa4,0x9e,0x1b,0xaa,0x90,0xc6,0xb,0x27,0x54,0xc0,0x50,0x5f,0x58,0x97,0xc,0x99,0x5c,0x2,0x74,0xfc,0x9f,0x4c,0x78,0x4e,0xc3,0xb4,0x6d,0x14,0xa1,0xdc,0x62,0xc5,0xfe,0x27,0xb8,0x7d,0x98,0x79,0x82,0x50,0x3a,0xbe,0x6f,0x83,0x79,0xd,0x8a,0xb8,0x3e,0xac,0xa,0xeb,0x62,0xd5,0x5e,0x95}

$ od -tx1 < /tmp/sig
0000000    24  b8  ec  b4  4f  31  a6  08  72  61  c9  d3  1c  d0  9b  ee
0000020    26  2d  3d  ef  ff  2c  05  78  04  d3  a3  ff  dc  97  53  e6
0000040    6e  85  41  1b  b2  2c  ed  bd  a6  5d  6f  ac  bb  d5  b8  a0
0000060    09  2b  f1  f5  b6  ce  dd  70  8a  1a  a1  20  11  2b  f0  17
0000100    41  83  80  f6  61  d4  6d  53  8f  f1  8c  19  42  93  96  a9
0000120    b6  f2  8f  27  9c  66  17  c5  ca  3d  a9  3f  c5  76  5f  1b
0000140    31  f2  d3  0e  78  53  97  cb  9d  c4  e6  41  61  58  44  5c
0000160    f5  c4  67  69  08  0a  92  d5  7e  9c  b9  7e  54  8b  8a  0b
0000200    a1  9a  63  bf  cc  ed  63  2c  f8  14  25  06  a2  02  00  07
0000220    2e  1c  c1  eb  16  89  aa  69  e2  75  57  39  71  68  0e  0f
0000240    a4  7a  c5  14  97  88  67  d1  36  91  3b  49  e7  b4  f3  cb
0000260    ca  f6  e9  b1  22  e9  85  89  ab  02  04  3c  2e  bd  56  03
0000300    8a  8b  54  c6  e6  ed  5b  4c  a4  9e  1b  aa  90  c6  0b  27
0000320    54  c0  50  5f  58  97  0c  99  5c  02  74  fc  9f  4c  78  4e
0000340    c3  b4  6d  14  a1  dc  62  c5  fe  27  b8  7d  98  79  82  50
0000360    3a  be  6f  83  79  0d  8a  b8  3e  ac  0a  eb  62  d5  5e  95

$ openssl rsa -pubin -in /tmp/key
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
5QIDAQAB
-----END PUBLIC KEY-----

Which match your post, but raw public key encryption of the signature
data does not yield a PKCS1 padded message:

$ openssl rsautl -encrypt -pubin -inkey /tmp/key -raw -in /tmp/sig | od -tx1
0000000    95  ca  3c  b7  cf  d3  19  3d  1d  4a  29  61  67  59  21  d1
0000020    61  47  9f  09  69  23  cc  05  77  21  e6  5c  12  9b  ed  39
0000040    06  7c  23  51  5f  e3  3f  48  45  df  41  89  2e  d6  92  4a
0000060    bd  b2  e8  36  e6  83  2a  1e  71  5e  5b  97  52  f2  bc  18
0000100    63  3b  45  e0  c1  0a  ec  48  ae  42  a3  e5  46  dc  80  77
0000120    87  19  a0  29  94  e7  33  2a  77  2b  bb  54  39  06  92  ca
0000140    df  b2  21  04  98  d7  cb  16  a6  a0  5b  ac  c3  d8  20  df
0000160    ac  8f  3a  6d  b9  20  7c  cb  52  5e  7f  f8  69  fc  39  7f
0000200    8b  db  c1  16  4c  df  ca  ba  d7  33  5f  8e  21  87  6b  ae
0000220    a8  e1  20  1b  e5  1f  8c  3f  18  2d  b4  c0  0d  66  ec  1e
0000240    f2  7b  78  ab  ad  3c  8c  da  80  24  25  3d  c8  19  ad  48
0000260    b3  21  ca  90  40  ce  dd  22  85  6d  8b  6f  ed  da  77  be
0000300    81  02  d3  d5  5a  ec  fd  9f  6e  4a  52  f1  18  31  d4  e1
0000320    14  43  17  02  ff  74  f8  ee  cf  2c  09  bc  60  d8  65  e3
0000340    3c  c2  e1  a9  09  5e  21  42  d2  0f  4f  aa  d5  75  47  69
0000360    51  f0  87  98  bd  7f  99  83  e1  22  33  56  0b  13  8e  37
0000400

By way of contrast:

$ openssl genrsa -out /tmp/key2.pem 2048 2>/dev/null
$ echo foobar | openssl dgst -sha256 -sign /tmp/key2.pem -out /tmp/sig2
$ openssl rsa -in /tmp/key2.pem -pubout > /tmp/pub2.pem 2>/dev/null
$ openssl rsautl -encrypt -pubin -inkey /tmp/pub2.pem -raw -in /tmp/sig2 | od -vtx1
0000000    00  01  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000020    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000040    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000060    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000100    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000120    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000140    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000160    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000200    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000220    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000240    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000260    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000300    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  00  30  31  30
0000320    0d  06  09  60  86  48  01  65  03  04  02  01  05  00  04  20
0000340    ae  c0  70  64  5f  e5  3e  e3  b3  76  30  59  37  61  34  f0
0000360    58  cc  33  72  47  c9  78  ad  d1  78  b6  cc  df  b0  01  9f
0000400

Above you see that using the same key for a raw public encrypt as was used
for signing, yields content that is PKCS1-padded as expected.

-- 
	Viktor.



More information about the openssl-users mailing list