[EXTERNAL] Using openssl-rsautl for verifying signatures.

Erwann Abalea erwann.abalea at docusign.com
Wed May 4 09:45:11 UTC 2022


Hello,

The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding
for signature operations.
PKCS#1v1.5 is rewritten in RFC2313.

Using the command line tool, you can reproduce this:

echo -n "Mary had a little lamb." > datatosign

either one of the following can be used to sign data:
  openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing
  openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing

and you can display the signature either way (this will not "verify", it
will only perform the RSA verify operation with PKCS#1v1.5 padding, without
checking the validity or even if what has been signed is a DigestInfo
structure, and output the result of the RSA operation):
  openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse
  openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse

or you can actually verify the thing without displaying the result of the
RSA verify crypto operation:
  openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1
  openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign

On Wed, May 4, 2022 at 7:16 AM Philip Prindeville <
philipp_subx at redfish-solutions.com> wrote:

> Hi,
>
> I did the following in trying to build some validation steps to use
> against my own rewrite of the crypto functions in Asterisk (to use
> EVP-PKEY).
>
> % echo -n "Mary had a little lamb." | openssl sha1 -binary > digest
>
> % od -t x1 digest
> 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
> 0000020 bd ef 57 00
> 0000024
>
> % openssl rsautl -sign -inkey tests/keys/rsa_key1.key -pkcs -in digest > signing
>
> % openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in signing > digest2
>
> % od -t x1 digest
> 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
> 0000020 bd ef 57 00
> 0000024
>
> And all of that looks good.
>
> But when I take the result of calling:
>
>         const char msg[] = "Mary had a little lamb.";
>         unsigned msglen = sizeof(msg) - 1;
>         char digest[20];
>
>         /* Calculate digest of message */
>         SHA1((unsigned char *)msg, msglen, digest);
>
>         res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa);
>
> And write that (dsig, siglen) to a file (signing2) and then try to verify
> that, I get very different results:
>
> openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in signing2  -asn1parse
>     0:d=0  hl=2 l=  33 cons: SEQUENCE
>     2:d=1  hl=2 l=   9 cons:  SEQUENCE
>     4:d=2  hl=2 l=   5 prim:   OBJECT            :sha1
>    11:d=2  hl=2 l=   0 prim:   NULL
>    13:d=1  hl=2 l=  20 prim:  OCTET STRING
>       0000 - 4e 07 b8 c7 aa f2 a4 ed-4c e3 9e 76 f6 5d 2a 04   N.......L..v.]*.
>       0010 - bd ef 57 00                                       ..W.
>
> Why is RSA_sign() wrapping the signature in ASN.1?
>
> Or, put a different way, how do I reproduce what RSA_sign() is doing from
> the command line?
>
> Is there another command that does RSA signing besides rsautl?
>
> Thanks,
>
> -Philip
>
>
>

-- 
Regards,
Erwann Abalea.
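
The two padded blocks compared in this thread, as an added Python example (not code from either poster or from OpenSSL): it builds the PKCS#1 v1.5 type 1 block over a bare SHA-1 digest and over the DigestInfo, shows what a recover-only step returns for each, and verifies by rebuilding the expected block. The 128-byte modulus length and all function names are assumptions; the RSA exponentiation itself is left out.

```python
import hashlib
import hmac

# DER prefix of a SHA-1 DigestInfo (RFC 8017, section 9.2, note 1):
# SEQUENCE(33) { SEQUENCE(9) { OID sha1, NULL }, OCTET STRING(20) }
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def digest_info_sha1(message: bytes) -> bytes:
    """The structure RSA_sign(NID_sha1, ...) and `dgst -sha1 -sign` pad and sign."""
    return SHA1_PREFIX + hashlib.sha1(message).digest()

def pad_type1(payload: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 signature padding to k bytes: 00 01 FF..FF 00 payload."""
    pad_len = k - len(payload) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this payload")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + payload

def recover(em: bytes) -> bytes:
    """Recover-only step (rsautl -verify, pkeyutl -verifyrecover): strip padding."""
    if em[:2] != b"\x00\x01":
        raise ValueError("not a type 1 block")
    sep = em.index(b"\x00", 2)          # first 00 after the block-type byte
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding string")
    return em[sep + 1:]                 # payload is returned unchecked

def verify_sha1(em: bytes, message: bytes) -> bool:
    """Actual verification: rebuild the expected block and compare all of it."""
    expected = pad_type1(digest_info_sha1(message), len(em))
    return hmac.compare_digest(em, expected)

MSG = b"Mary had a little lamb."        # message from the thread
K = 128                                 # assumption: 1024-bit modulus (key size not given)
EM_RSA_SIGN = pad_type1(digest_info_sha1(MSG), K)       # RSA_sign / dgst -sign
EM_RSAUTL = pad_type1(hashlib.sha1(MSG).digest(), K)    # rsautl -sign on the bare digest

if __name__ == "__main__":
    for name, em in (("RSA_sign", EM_RSA_SIGN), ("rsautl -sign", EM_RSAUTL)):
        print(name, len(recover(em)), "byte payload, verifies:", verify_sha1(em, MSG))
```

The 35-byte payload matches the `hl=2 l=33` SEQUENCE in the `-asn1parse` output quoted above, and the 20-byte one is the bare digest that `rsautl -sign` padded.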