<div dir="ltr"><div dir="ltr">Bonjour,</div><div dir="ltr"><br></div><div>The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding for signature operations.</div><div>PKCS#1v1.5 is rewritten in RFC2313.</div><div><br></div><div>Using the command line tool, you can reproduce this:</div><div><br></div><div>echo -n "Mary had a little lamb." > datatosign<br></div><div><br></div><div>either one of the following can be used to sign data:</div><div> openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing<br></div><div> openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing<br></div><div><br></div><div>and you can display the signature either way (this will not "verify", it will only perform the RSA verify operation with PKCS#1v1.5 padding, without checking the validity or even if what has been signed is a DigestInfo structure, and output the result of the RSA operation):</div><div> openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse<br></div><div> openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse<br></div><div><br></div><div>or you can actually verify the thing without displaying the result of the RSA verify crypto operation:</div><div> openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1<br></div><div> openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, May 4, 2022 at 7:16 AM Philip Prindeville <<a href="mailto:philipp_subx@redfish-solutions.com">philipp_subx@redfish-solutions.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
I did the following in trying to build some validation steps to use against my own rewrite of the crypto functions in Asterisk (to use EVP-PKEY).<br>
<br>
% echo -n "Mary had a little lamb." | openssl sha1 -binary > digest<br>
<br>
% od -t x1 digest<br>
0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04<br>
0000020 bd ef 57 00<br>
0000024<br>
<br>
% openssl rsautl -sign -inkey tests/keys/rsa_key1.key -pkcs -in digest > signing<br>
<br>
% openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in signing > digest2<br>
<br>
% od -t x1 digest<br>
0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04<br>
0000020 bd ef 57 00<br>
0000024<br>
<br>
And all of that looks good.<br>
<br>
But when I take the result of calling:<br>
<br>
const char msg[] = "Mary had a little lamb.";<br>
unsigned msglen = sizeof(msg) - 1;<br>
char digest[20];<br>
<br>
/* Calculate digest of message */<br>
SHA1((unsigned char *)msg, msglen, digest);<br>
<br>
res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa);<br>
<br>
And write that (dsig, siglen) to a file (signing2) and then try to verify that, I get very different results:<br>
<br>
openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in signing2 -asn1parse<br>
0:d=0 hl=2 l= 33 cons: SEQUENCE <br>
2:d=1 hl=2 l= 9 cons: SEQUENCE <br>
4:d=2 hl=2 l= 5 prim: OBJECT :sha1<br>
11:d=2 hl=2 l= 0 prim: NULL <br>
13:d=1 hl=2 l= 20 prim: OCTET STRING <br>
0000 - 4e 07 b8 c7 aa f2 a4 ed-4c e3 9e 76 f6 5d 2a 04 N.......L..v.]*.<br>
0010 - bd ef 57 00 ..W.<br>
<br>
Why is RSA_sign() wrapping the signature in ASN.1?<br>
<br>
Or, put a different way, how do I reproduce what RSA_sign() is doing from the command line?<br>
<br>
Is there another command that does RSA signing besides rsautl?<br>
<br>
Thanks,<br>
<br>
-Philip<br>
<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Cordialement,<div>Erwann Abalea.</div></div></div></div>