During client cert verification: RSA_padding_check_PKCS1_type_1:block type is not 01


During client cert verification: RSA_padding_check_PKCS1_type_1:block type is not 01

Graham Leggett
Hi all,

I have a Windows 10 system with a smartcard attached to it.

Firefox+Smartcard works great.

Edge using the smartcard to the same site returns the following:

[Fri Aug 02 13:47:43.238262 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
[Fri Aug 02 13:47:43.238306 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
[Fri Aug 02 13:47:43.238356 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:1408807B:SSL routines:SSL3_GET_CERT_VERIFY:bad signature

What is the above trying to tell me?

Am I right in assuming that Edge is trying to use the wrong cert with the wrong key?

Regards,
Graham




Re: During client cert verification: RSA_padding_check_PKCS1_type_1:block type is not 01

Viktor Dukhovni
> On Aug 2, 2019, at 8:21 AM, Graham Leggett <[hidden email]> wrote:
>
> Edge using the smartcard to the same site returns the following:
>
> [Fri Aug 02 13:47:43.238262 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> [Fri Aug 02 13:47:43.238306 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
> [Fri Aug 02 13:47:43.238356 2019] [ssl:info] [pid 20742:tid 139771397486336] SSL Library Error: error:1408807B:SSL routines:SSL3_GET_CERT_VERIFY:bad signature
>
> What is the above trying to tell me?
>
> Am I right in assuming that Edge is trying to use the wrong cert with the wrong key?

An RSA signature verification operation (block type 01) failed,
typically because the public key used to check the signature does
not match the private key used to sign the data.

Is this a server-side log or a client-side log?  If the client is
using the wrong private key or wrong certificate, then I'd expect
to see this type of error on the server.

--
        Viktor.
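
The failure described in the reply above, as an added example that is not part of the thread and is not OpenSSL's code: a signature made with one key is checked against its own public key and against an unrelated one, and the unrelated key produces a block that does not start with 00 01. Assumptions: the toy 512-bit keys are constructed from well-known primes, the function names are hypothetical, and the padded payload is a bare SHA-256 digest rather than what a TLS CertificateVerify message actually signs.

```python
import hashlib

E = 65537  # public exponent used by both toy keys

# Constructed toy keys built from well-known primes. 512-bit moduli are NOT secure.
P_A, Q_A = 2**255 - 19, 2**256 - 189
N_A = P_A * Q_A                                  # public modulus of key A
D_A = pow(E, -1, (P_A - 1) * (Q_A - 1))          # private exponent of key A
N_B = (2**256 - 2**32 - 977) * int(              # public modulus of unrelated key B
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)


def encode_type1(payload: bytes, k: int) -> bytes:
    """Build the k-byte block 00 01 FF..FF 00 || payload (block type 01)."""
    pad = k - 3 - len(payload)
    if pad < 8:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * pad + b"\x00" + payload


def sign(msg: bytes, n: int, d: int) -> int:
    """Private-key operation over the padded SHA-256 digest of msg."""
    k = (n.bit_length() + 7) // 8
    em = encode_type1(hashlib.sha256(msg).digest(), k)
    return pow(int.from_bytes(em, "big"), d, n)


def verify(msg: bytes, sig: int, n: int, e: int = E) -> str:
    """Return "ok" or the name of the first check that fails."""
    if sig >= n:
        return "data too large for modulus"
    k = (n.bit_length() + 7) // 8
    em = pow(sig, e, n).to_bytes(k, "big")       # the "public decrypt" step
    if em[:2] != b"\x00\x01":
        return "block type is not 01"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "bad padding"
    if em[sep + 1:] != hashlib.sha256(msg).digest():
        return "bad signature"
    return "ok"


if __name__ == "__main__":
    msg = b"constructed handshake transcript"
    sig = sign(msg, N_A, D_A)
    print("checked with key A:", verify(msg, sig, N_A))
    print("checked with key B:", verify(msg, sig, N_B))
```

With the matching key the padding is recovered intact and only the digest comparison decides the result; with the wrong key the padding check fails before any digest is compared, which is why the log leads with the block type error and ends with "bad signature".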


Re: During client cert verification: RSA_padding_check_PKCS1_type_1:block type is not 01

Graham Leggett
On 04 Aug 2019, at 01:56, Viktor Dukhovni <[hidden email]> wrote:

> An RSA signature verification operation (block type 01) failed,
> typically because the public key used to check the signature does
> not match the private key used to sign the data.

Thanks for confirming this.

> Is this a server-side log or a client-side log?  If the client is
> using the wrong private key or wrong certificate, then I'd expect
> to see this type of error on the server.

It’s a server side log of httpd linked to openssl.

I have a MyEID smartcard with two certs and two keys on it. When the smartcard is used with Firefox and the OpenSC PKCS11 drivers, everything works fine. When the smartcard is used with Windows 10 + Edge and the native manufacturer drivers, the wrong key is chosen for the certificate, and access is denied as above.

Regards,
Graham


