[openssl-users] RES: RES: Testing OpenSSL based solution

Marcus Vinicius do Nascimento m.vinicius at samsung.com
Tue May 12 20:50:03 UTC 2015 

I did some quick research and found this:
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm

If my understanding is correct, the public key is (p, q, g, y).

The private key would be x, such that y = g^x mod p.

 

Is there some way to generate both public and private keys using OpenSSL,
based on p, q, g and y?

 

 

 

De: openssl-users [mailto:openssl-users-bounces at openssl.org] Em nome de
Marcus Vinicius do Nascimento
Enviada em: terça-feira, 12 de maio de 2015 17:06
Para: openssl-users at openssl.org
Assunto: [openssl-users] RES: Testing OpenSSL based solution

 

Thanks for both answers.

 

I tried using Y as the public key, but ssl seems not to accept that.

Here is the error scenario:

 

>From the FIP file:

 

[mod = 1024]

 

P =
fda5442483ccf7a12399d6c13d56ff882d689524f1885fcb7424e26da2d200a1657b631dcc74
c73ecbd89fe42cc554b7062835c73d7203161e09742392b2b7c75253eea04a0b55d511646fbe
2e81a9d80463e956527f8d6d42f4193984d5dcc6a8dadff80f31e44405840828581f013e0748
59b885908aaab30d87660bbaf8cb

Q = dc678f95c673538f74dcbf67a80454c843937795

G =
efd89f2dcf6e6a6a77cf18f238b2419de127864218eb4550c9e1a73085f97d7988322d7eea91
590646373aa66f7a3d0994cb5ac741a19874eb9e79862b000e5978f3305bb70be4f987a12a68
6167316e663f4de995b36e74062e39a79a4b30e4d36977276e3d33c5165911d303d5682f8e0a
96c510e1d9606d09b5573a675362

 

Msg =
58b7b3639a8d99babfe57f814024c5e7a0893bcf47b692768e6c11561796894b5f898bf5968a
d85dae9019dbb24cd13759678f0edb0b687703a4a4e785e8b85293157593ab797e0eb338ff94
474a9c8752c3a83edb5798aa221db73aec931bfd1be3d70781647215f6649874a825101eb325
ee27f2a20a57145eb019f2a09993

Y =
808998aecbc5ab4679bf215e2166b371d249bb6e4bfc3404f2bcd2aaf61770851d236668252a
11f061fb54067ddaa97ed7bf5a5c836db02e5b1f9f1a627ac1eb2dcfa484ed5fef383f4bae7a
a18a3ef9ea94bab83439ccf261ec52529f298050b27df185eecccf8caa44b529c8fcbd88c6a3
3cc42b5b17244ea9e1099686a92b

R = 33bf9a15b6823e7c5583f94bcea2f0439a881f8c

S = 48feaff1ec4803fb88fdc70773d9ac7b84905d3a

Result = P

 

 

So I tried reformatting Y to pass it to PEM_read_bio_DSAPrivateKey.

 

Converting Y to Base64 =
"gImYrsvFq0Z5vyFeIWazcdJJu25L/DQE8rzSqvYXcIUdI2ZoJSoR8GH7VAZ92ql+179aXINtsC5
bH58aYnrB6y3PpITtX+84P0uueqGKPvnqlLq4NDnM8mHsUlKfKYBQsn3xhe7Mz4yqRLUpyPy9iMa
jPMQrWxckTqnhCZaGqSs="

Reformatting in PEM format = "-----BEGIN DSA PRIVATE KEY-----

gImYrsvFq0Z5vyFeIWazcdJJu25L/DQE8rzSqvYXcIUdI2ZoJSoR8GH7VAZ92ql+

179aXINtsC5bH58aYnrB6y3PpITtX+84P0uueqGKPvnqlLq4NDnM8mHsUlKfKYBQ

sn3xhe7Mz4yqRLUpyPy9iMajPMQrWxckTqnhCZaGqSs=

-----END DSA PRIVATE KEY-----

"

 

Code that matters:

 

    BIO * keybio = BIO_new_mem_buf(const_cast<char *>(key.c_str()), -1);

    if (keybio == NULL)

    {

                errormsg = "Can not create DSA key";

        return 0;

    }

 

    DSA *dsa = PEM_read_bio_DSAPrivateKey(keybio, &dsa, NULL, NULL);

                if (dsa == NULL)

                {

                                errormsg = "Can not read DSA key";

                }

    return dsa;

 

PEM_read_bio_DSAPrivateKey fails.

 

Am I missing something here?

 

 

 

 

De: openssl-users [mailto:openssl-users-bounces at openssl.org] Em nome de
Jakob Bohm
Enviada em: terça-feira, 12 de maio de 2015 15:42
Para: openssl-users at openssl.org
Assunto: Re: [openssl-users] Testing OpenSSL based solution

 

On 12/05/2015 20:10, Salz, Rich wrote:

You can't easily have test vectors for DSA signatures since they include a
random.  Any test vector would have to include the random, and any API would
have to be able to accept the random as part of the "sign" API.
Verification should be okay.
 
 


What Mr. Salz refers to by "Verification should be okay" 
is probably this:

You can have test vectors in the form of known good 
signatures with public keys listed in the test vector. 
For DSA, those would be the (message, y, r, s) quads 
mentioned by the OP (y is the public key, (r, s) is the 
signature), depending on his class library, it might be 
possible to reformat those vectors to the format used 
by his code for real messages.

The importance of such test vectors is to detect if an 
implementation is accidentally implementing a different 
signature algorithm (such as accidentally appending a 0 
byte to each message both during signing and 
verification).  This would not be detected by signing 
and verifying sample messages with random parameters.



Enjoy
 
Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150512/cb158d64/attachment.html>

More information about the openssl-users mailing list