[openssl-users] Fwd: Openssl api for signature verification using digest

Siti Rafidah srafidah40 at gmail.com
Wed Aug 29 16:13:52 UTC 2018



All on my phone

Pada 29 Aug 2018, at 17:53, Linta Maria <lintamaria194 at gmail.com> menulis:

> Hi Viktor,
> 
> As you suggested, the signature wasn't correct.
> With the input below it also doesn't work, though.
> 
> The public key is read into an EVP_PKEY:
> 
> EVP_PKEY * vkey;
> char PubKey [] ="-----BEGIN PUBLIC KEY-----""\n"
>             "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEZo8DRHBFBN0w1YYw3w" "\n"
> 
>             "C/C/IxCH3WSDCBTZgPux+/Cm+Q+LtSHjxV2x+hHuR8+cWMgFIrpvN0jw1F6g0f3A" "\n"
> 
>             "QQvQmPkyIUZGN1C9Da+SEdpc12gZdAOdILUaeiDRNUYXJinbBPQaNGAQIWwuzCuj" "\n"
> 
>             "5sjZPrlJYDQ52kq2U86ZNcS/NVRZi+pFB4u0YHHiqJkQYT6yCQjR9Rdvxvjyg9L5" "\n"
> 
>             "9petX/xa0tBurw5eTLOC9UlufblJnS7zrVkpoHdtt9rRgDBJ4kTJypeHq0Tybgro" "\n"
> 
>             "hhxG1EqdAjoD0OjLV93JWr0DOmwWVE1SoJH/UBbgRXf40hxhdzswgJFWJLIdxfdj" "\n"
> 
>             "BwIDAQAB" "\n"
> 
>             "-----END PUBLIC KEY-----";
> 
>             BIO  *bio;
> 
>             bio = BIO_new_mem_buf(PubKey, strlen(PubKey) );
> 
>             PEM_read_bio_PUBKEY( bio, &vkey, NULL, NULL );
> 
>    
> 
> unsigned char  signew[]={0x14, 0x7e, 0x86, 0x9f, 0xfb, 0x10, 0xc8, 0xa4, 0x98, 0xae, 0xcb, 0xf8, 0xd4, 0xd7, 0xad, 0xf2, 0x18, 0x40, 0xaf, 0x06, 0x85, 0x8a, 0x69, 0xde, 0x29, 0x50, 0xf2, 0x52, 0x1c, 0x01, 0xbc, 0x3c, 0x45, 0x42, 0xb1, 0x32, 0xd8, 0x19, 0xf6, 0xf3, 0x11, 0x39, 0x03, 0xbf, 0x23, 0xfb, 0x5d, 0x97, 0x41, 0xb9, 0x85, 0xaf, 0x31, 0xf8, 0x32, 0x2f, 0xd2, 0xb6, 0x5b, 0xf1, 0x22, 0xfd, 0xda, 0x28, 0x58, 0x6f, 0x45, 0x4b, 0x5c, 0x74, 0xf0, 0x84, 0xf2, 0x1e, 0xfa, 0x33, 0xa3, 0x83, 0x38, 0x9f, 0xcf, 0x71, 0x37, 0x77, 0x6d, 0x86, 0x84, 0xc6, 0x5e, 0x3b, 0x71, 0xf5, 0x29, 0x2a, 0x43, 0xf4, 0x43, 0x38, 0x0a, 0x18, 0xf5, 0xbe, 0x6f, 0x03, 0xd3,  0x16, 0x79, 0x13, 0x89, 0x95, 0xb2, 0xd7, 0x27, 0xcf, 0xd4, 0x2b, 0x6b, 0xa1, 0xbd, 0xe3, 0x8e, 0xac, 0x24, 0x1b, 0xdd, 0x17, 0xf8, 0xe1, 0xf5, 0xb9, 0x5a, 0xd4, 0x97, 0xf4, 0xc3, 0xfc, 0x69, 0xc8, 0x40, 0x30, 0x76, 0x7d, 0x18, 0x7c, 0x58, 0x11, 0x3d, 0x78, 0x27, 0x41, 0xab, 0x1c, 0xd2, 0xd3, 0x5f, 0xe2, 0x94, 0xe1, 0x49, 0xba, 0x6b, 0xd7, 0xbe, 0x3a, 0x9d, 0x86, 0x62, 0xdc, 0xd7, 0x46, 0xae, 0xa3, 0x8e, 0xe1, 0x46, 0x27, 0xbc, 0xb2, 0x31, 0x69, 0xc5, 0x54, 0x15, 0x85,0x74, 0x1a, 0x66, 0x94, 0xa6, 0x68, 0x5e, 0xa2,0x1c, 0x38, 0x3d, 0x84, 0xd8, 0x3f, 0x84, 0x81,0x56, 0xc2, 0x9c, 0xac, 0xef, 0x68, 0xef, 0x68,0x96, 0xb3, 0xd1, 0xa9, 0x3a, 0x43, 0x75, 0xef,0xaf, 0xf2, 0x1b, 0xea, 0x96, 0xb8, 0x23, 0xef,0xa6, 0x09, 0x89, 0x15, 0x52, 0x26, 0xce, 0x1f,0x98, 0x02, 0x83, 0x22, 0x08, 0x60, 0x6c, 0xd9,0x14, 0x64, 0xe8, 0xef, 0x53, 0xea, 0x48, 0x60,0xbb, 0x69, 0x49, 0x64, 0xa3, 0x0d, 0xdb, 0xaa};
> 
>            
> 
>  
> 
> unsigned char  hashnew[]={0x8f,0x43,0x43,0x46,0x64,0x8f,0x6b,0x96,0xdf,0x89,0xdd,0xa9,0x1c,0x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x27,0xaa,0x4};
> 
>  
> 
>  
> 
>  
> 
>  
> 
> ---------- Forwarded message ---------
> From: Viktor Dukhovni <openssl-users at dukhovni.org>
> Date: Wed 29 Aug, 2018, 11:30 AM
> Subject: Re: [openssl-users] Openssl api for signature verification using digest
> To: openssl-users at openssl.org <openssl-users at openssl.org>
> 
> 
> 
> 
> > On Aug 29, 2018, at 1:05 AM, Linta Maria <lintamaria194 at gmail.com> wrote:
> > 
> > Still it's not working.
> 
> The code is working correctly. The real problem is that the PEM
> format 2048-bit RSA key you posted:
> 
> > ----BEGIN PUBLIC KEY-----
> > MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
> > FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
> > bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
> > yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
> > lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
> > 09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
> > 5QIDAQAB
> > -----END PUBLIC KEY-----
> 
> is NOT the key that was used to generate the below signature, or
> the signature was subsequently altered.
> 
> > Signature={ 0x24,0xb8,0xec,0xb4,0x4f,0x31,0xa6,0x8,0x72,0x61,0xc9,0xd3,0x1c,0xd0,0x9b,0xee,0x26,0x2d,0x3d,0xef,0xff,0x2c,0x5,0x78,0x4,0xd3,0xa3,0xff,0xdc,0x97,0x53,0xe6,0x6e,0x85,0x41,0x1b,0xb2,0x2c,0xed,0xbd,0xa6,0x5d,0x6f,0xac,0xbb,0xd5,0xb8,0xa0,0x9,0x2b,0xf1,0xf5,0xb6,0xce,0xdd,0x70,0x8a,0x1a,0xa1,0x20,0x11,0x2b,0xf0,0x17,0x41,0x83,0x80,0xf6,0x61,0xd4,0x6d,0x53,0x8f,0xf1,0x8c,0x19,0x42,0x93,0x96,0xa9,0xb6,0xf2,0x8f,0x27,0x9c,0x66,0x17,0xc5,0xca,0x3d,0xa9,0x3f,0xc5,0x76,0x5f,0x1b,0x31,0xf2,0xd3,0xe,0x78,0x53,0x97,0xcb,0x9d,0xc4,0xe6,0x41,0x61,0x58,0x44,0x5c,0xf5,0xc4,0x67,0x69,0x8,0xa,0x92,0xd5,0x7e,0x9c,0xb9,0x7e,0x54,0x8b,0x8a,0xb,0xa1,0x9a,0x63,0xbf,0xcc,0xed,0x63,0x2c,0xf8,0x14,0x25,0x6,0xa2,0x2,0x0,0x7,0x2e,0x1c,0xc1,0xeb,0x16,0x89,0xaa,0x69,0xe2,0x75,0x57,0x39,0x71,0x68,0xe,0xf,0xa4,0x7a,0xc5,0x14,0x97,0x88,0x67,0xd1,0x36,0x91,0x3b,0x49,0xe7,0xb4,0xf3,0xcb,0xca,0xf6,0xe9,0xb1,0x22,0xe9,0x85,0x89,0xab,0x2,0x4,0x3c,0x2e,0xbd,0x56,0x3,0x8a,0x8b,0x54,0xc6,0xe6,0xed,0x5b,0x4c,0xa4,0x9e,0x1b,0xaa,0x90,0xc6,0xb,0x27,0x54,0xc0,0x50,0x5f,0x58,0x97,0xc,0x99,0x5c,0x2,0x74,0xfc,0x9f,0x4c,0x78,0x4e,0xc3,0xb4,0x6d,0x14,0xa1,0xdc,0x62,0xc5,0xfe,0x27,0xb8,0x7d,0x98,0x79,0x82,0x50,0x3a,0xbe,0x6f,0x83,0x79,0xd,0x8a,0xb8,0x3e,0xac,0xa,0xeb,0x62,0xd5,0x5e,0x95}
> 
> $ od -tx1 < /tmp/sig
> 0000000    24  b8  ec  b4  4f  31  a6  08  72  61  c9  d3  1c  d0  9b  ee
> 0000020    26  2d  3d  ef  ff  2c  05  78  04  d3  a3  ff  dc  97  53  e6
> 0000040    6e  85  41  1b  b2  2c  ed  bd  a6  5d  6f  ac  bb  d5  b8  a0
> 0000060    09  2b  f1  f5  b6  ce  dd  70  8a  1a  a1  20  11  2b  f0  17
> 0000100    41  83  80  f6  61  d4  6d  53  8f  f1  8c  19  42  93  96  a9
> 0000120    b6  f2  8f  27  9c  66  17  c5  ca  3d  a9  3f  c5  76  5f  1b
> 0000140    31  f2  d3  0e  78  53  97  cb  9d  c4  e6  41  61  58  44  5c
> 0000160    f5  c4  67  69  08  0a  92  d5  7e  9c  b9  7e  54  8b  8a  0b
> 0000200    a1  9a  63  bf  cc  ed  63  2c  f8  14  25  06  a2  02  00  07
> 0000220    2e  1c  c1  eb  16  89  aa  69  e2  75  57  39  71  68  0e  0f
> 0000240    a4  7a  c5  14  97  88  67  d1  36  91  3b  49  e7  b4  f3  cb
> 0000260    ca  f6  e9  b1  22  e9  85  89  ab  02  04  3c  2e  bd  56  03
> 0000300    8a  8b  54  c6  e6  ed  5b  4c  a4  9e  1b  aa  90  c6  0b  27
> 0000320    54  c0  50  5f  58  97  0c  99  5c  02  74  fc  9f  4c  78  4e
> 0000340    c3  b4  6d  14  a1  dc  62  c5  fe  27  b8  7d  98  79  82  50
> 0000360    3a  be  6f  83  79  0d  8a  b8  3e  ac  0a  eb  62  d5  5e  95
> 
> $ openssl rsa -pubin -in /tmp/key
> writing RSA key
> -----BEGIN PUBLIC KEY-----
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
> FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
> bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
> yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
> lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
> 09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
> 5QIDAQAB
> -----END PUBLIC KEY-----
> 
> This matches the key in your post, but raw public key encryption of the
> signature data does not yield a PKCS#1-padded message:
> 
> $ openssl rsautl -encrypt -pubin -inkey /tmp/key -raw -in /tmp/sig | od -tx1
> 0000000    95  ca  3c  b7  cf  d3  19  3d  1d  4a  29  61  67  59  21  d1
> 0000020    61  47  9f  09  69  23  cc  05  77  21  e6  5c  12  9b  ed  39
> 0000040    06  7c  23  51  5f  e3  3f  48  45  df  41  89  2e  d6  92  4a
> 0000060    bd  b2  e8  36  e6  83  2a  1e  71  5e  5b  97  52  f2  bc  18
> 0000100    63  3b  45  e0  c1  0a  ec  48  ae  42  a3  e5  46  dc  80  77
> 0000120    87  19  a0  29  94  e7  33  2a  77  2b  bb  54  39  06  92  ca
> 0000140    df  b2  21  04  98  d7  cb  16  a6  a0  5b  ac  c3  d8  20  df
> 0000160    ac  8f  3a  6d  b9  20  7c  cb  52  5e  7f  f8  69  fc  39  7f
> 0000200    8b  db  c1  16  4c  df  ca  ba  d7  33  5f  8e  21  87  6b  ae
> 0000220    a8  e1  20  1b  e5  1f  8c  3f  18  2d  b4  c0  0d  66  ec  1e
> 0000240    f2  7b  78  ab  ad  3c  8c  da  80  24  25  3d  c8  19  ad  48
> 0000260    b3  21  ca  90  40  ce  dd  22  85  6d  8b  6f  ed  da  77  be
> 0000300    81  02  d3  d5  5a  ec  fd  9f  6e  4a  52  f1  18  31  d4  e1
> 0000320    14  43  17  02  ff  74  f8  ee  cf  2c  09  bc  60  d8  65  e3
> 0000340    3c  c2  e1  a9  09  5e  21  42  d2  0f  4f  aa  d5  75  47  69
> 0000360    51  f0  87  98  bd  7f  99  83  e1  22  33  56  0b  13  8e  37
> 0000400
> 
> By way of contrast:
> 
> $ openssl genrsa -out /tmp/key2.pem 2048 2>/dev/null
> $ echo foobar | openssl dgst -sha256 -sign /tmp/key2.pem -out /tmp/sig2
> $ openssl rsa -in /tmp/key2.pem -pubout > /tmp/pub2.pem 2>/dev/null
> $ openssl rsautl -encrypt -pubin -inkey /tmp/pub2.pem -raw -in /tmp/sig2 | od -vtx1
> 0000000    00  01  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000020    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000040    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000060    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000100    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000120    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000140    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000160    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000200    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000220    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000240    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000260    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
> 0000300    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  00  30  31  30
> 0000320    0d  06  09  60  86  48  01  65  03  04  02  01  05  00  04  20
> 0000340    ae  c0  70  64  5f  e5  3e  e3  b3  76  30  59  37  61  34  f0
> 0000360    58  cc  33  72  47  c9  78  ad  d1  78  b6  cc  df  b0  01  9f
> 0000400
> 
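> Above you see that using the same key for a raw public encrypt as was used
> for signing yields content that is PKCS#1-padded as expected: a 00 01 header,
> a run of ff padding bytes, a 00 separator, then the SHA-256 DigestInfo
> prefix and the 32-byte digest.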
> 
> -- 
>         Viktor.
> 