Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

Pedro Filipe
Hello,

I'm generating a key pair in a smartcard (as a session object), then I convert both keys to RSA openssl objects.

Then I save both into different files.
I tried use these keys to sign and verify (private encrypts and public decrypts).
When I try to verify the signature, fails with RSA_padding_check_PKCS1_type_1:invalid padding.

I run following commands:
echo "test" > "test.txt"
openssl rsautl -sign -in test.txt -inkey privKey.pem -out sig
openssl rsautl -verify -in sig -inkey pubKeyp8.pem -pubin


Below pub and priv key:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDsCXvs8rmEDP+NuB4mCvztondC+yfzy6DYswE6jvSJdgZe8PAh
kNagyoWsCNGqNEqpQmXY1Ufmxh4tdInod/KyT4uZ8vpu+yhqujRlwill+T9JCtA+
DnUSn0QiOV7OVFRMkleGW0ADr1LUp+wRe4aS/xxoc5GAc7UhAy7VZyj6jQIDAQAB
AoGBALWREhgSGqy+hvKQN/jRqQBvYkhPBMufzwoCoKZYAzmeZYYw1rcrQD6Nq0fL
vOSttuT+o3OplNarfdk/dToy0qfnDcNqmY3XTQbhn5SG/R8Ye5qFmyP/lZuN4NYI
TGiPO6Dt7y6IUp2inhAUkWcqMlr/5y2Kg6/Mh5CtghuhGriBAkEA+xht1GA7gc/N
pfam97iwlj6EBQUk8sX1UjSHWy5vH6RHNW0w1hDq9PrBYTT8mFuDMKA3kNdTw3JZ
2vTce4QELQJBAPClwe40HA9RKHfn5RjEFvvf0rt4/4LU3TAnmWZRuF+KU2JoxSs8
Ue+jx82PeqyH4KAD0tTboJBFt5PJLDz86+ECQHoiydmR7aAY+kkODu1UMuECC6l9
dRl53PhdgLGDhp33hIOiVyzpEcCT8FheM7fQW6HdbOnRM3dQOhDdJhoWfwkCQH+g
GTLAliUVcLXu2VSCIoJgWP2uFSyIwenZBoT6UCLzVHe7gt4ENpw2Ky/8qR25Tkru
3DChbg01vD93kKujo2ECQFQH9eMd1jr8K+/AZKdVUU0Nd3aSq3se+g25bTLBPt7k
x0yYAdd3XrfAys55ujSFEwFL9eGzNWXrBN9S2/yS8kU=
-----END RSA PRIVATE KEY-----

-----BEGIN RSA PUBLIC KEY-----
MIGHAoGBAOwJe+zyuYQM/424HiYK/O2id0L7J/PLoNizATqO9Il2Bl7w8CGQ1qDK
hawI0ao0SqlCZdjVR+bGHi10ieh38rJPi5ny+m77KGq6NGXCKWX5P0kK0D4OdRKf
RCI5Xs5UVEySV4ZbQAOvUtSn7BF7hpL/HGhzkYBztSEDLtVnKPqNAgEB
-----END RSA PUBLIC KEY-----

-----BEGIN PUBLIC KEY-----
MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDsCXvs8rmEDP+NuB4mCvztondC
+yfzy6DYswE6jvSJdgZe8PAhkNagyoWsCNGqNEqpQmXY1Ufmxh4tdInod/KyT4uZ
8vpu+yhqujRlwill+T9JCtA+DnUSn0QiOV7OVFRMkleGW0ADr1LUp+wRe4aS/xxo
c5GAc7UhAy7VZyj6jQIBAQ==
-----END PUBLIC KEY-----

Could you please help me with this?
Thanks in advance.
--
Regards,
Pedro Lopes
Reply | Threaded
Open this post in threaded view
|

Re: Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

Ken Goldman-2
On 2/13/2020 12:40 PM, Pedro Lopes wrote:
> When I try to verify the signature, fails
> with RSA_padding_check_PKCS1_type_1:invalid padding.

That error typically means that the verification public key does
does not match the signing private key.

Reply | Threaded
Open this post in threaded view
|

Re: Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

Blumenthal, Uri - 0553 - MITLL
In reply to this post by Pedro Filipe

If you generated a keypair in a smartcard, how did you extract the private key out of it??? The whole point of a smartcard is to prevent that from being possible.

 

So, like Ken suggested, I’ve no idea where the private key you posted was coming from – but reasonably sure it has no relation to what’s in the smartcard.

 

To use keys on the smartcard, you need libp11 package, something like (my test-script uses RSA-PSS, but that doesn’t matter – adjust the OpenSSL parameters):

 

$ pkcs11-rsa-pss-sign-demo2

This is not a CAC

Generating ephemeral file /tmp/derive.20560.text to test RSA-PSS signature...

 

openssl rand -engine rdrand -hex -out /tmp/derive.20560.text 5120

engine "rdrand" set.

 

Signing file /tmp/derive.20560.text...

openssl dgst -engine pkcs11 -keyform engine -sign "pkcs11:manufacturer=piv_II;object=SIGN%20key;type=private" -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out /tmp/derive.20560.text.sig /tmp/derive.20560.text

engine "pkcs11" set.

Enter PKCS#11 token PIN for XXXXXXXXXXXX:

Signature for /tmp/derive.20560.text is stored in /tmp/derive.20560.text.sig

 

Verifying signature:

openssl dgst -engine pkcs11 -keyform engine -verify "pkcs11:manufacturer=piv_II;object=SIGN%20pubkey;type=public" -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -signature /tmp/derive.20560.text.sig  /tmp/derive.20560.text

engine "pkcs11" set.

Verified OK

 

$

 

IMHO, it is a bad idea to use “rsautl” here – better to follow my example above. But if you must – here it is:

 

$ openssl rand -hex -out /tmp/t.text 24

$ openssl rsautl -engine pkcs11 -keyform engine -sign -inkey "pkcs11:manufacturer=piv_II;object=SIGN%20key;type=private" -in /tmp/t.text -out /tmp/t.text.sig

engine "pkcs11" set.

Enter PKCS#11 token PIN for Blumenthal, Uri (UR20980):

$ openssl rsautl -engine pkcs11 -keyform engine -pubin -verify -inkey "pkcs11:manufacturer=piv_II;object=SIGN%20pubkey;type=public" -in /tmp/t.text.sig

engine "pkcs11" set.

c0e78791e0eb900eb36436da9cd4dcf85619c61a486e4b03

$ cat /tmp/t.text

c0e78791e0eb900eb36436da9cd4dcf85619c61a486e4b03

$

 

 

From: openssl-users <[hidden email]> on behalf of Pedro Lopes <[hidden email]>
Date: Thursday, February 13, 2020 at 12:40 PM
To: openssl-users <[hidden email]>
Subject: Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

 

Hello,

 

I'm generating a key pair in a smartcard (as a session object), then I convert both keys to RSA openssl objects.

 

Then I save both into different files.

I tried use these keys to sign and verify (private encrypts and public decrypts).

When I try to verify the signature, fails with RSA_padding_check_PKCS1_type_1:invalid padding.

 

I run following commands:
echo "test" > "test.txt"
openssl rsautl -sign -in test.txt -inkey privKey.pem -out sig
openssl rsautl -verify -in sig -inkey pubKeyp8.pem -pubin

 

Below pub and priv key:

 

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDsCXvs8rmEDP+NuB4mCvztondC+yfzy6DYswE6jvSJdgZe8PAh
kNagyoWsCNGqNEqpQmXY1Ufmxh4tdInod/KyT4uZ8vpu+yhqujRlwill+T9JCtA+
DnUSn0QiOV7OVFRMkleGW0ADr1LUp+wRe4aS/xxoc5GAc7UhAy7VZyj6jQIDAQAB
AoGBALWREhgSGqy+hvKQN/jRqQBvYkhPBMufzwoCoKZYAzmeZYYw1rcrQD6Nq0fL
vOSttuT+o3OplNarfdk/dToy0qfnDcNqmY3XTQbhn5SG/R8Ye5qFmyP/lZuN4NYI
TGiPO6Dt7y6IUp2inhAUkWcqMlr/5y2Kg6/Mh5CtghuhGriBAkEA+xht1GA7gc/N
pfam97iwlj6EBQUk8sX1UjSHWy5vH6RHNW0w1hDq9PrBYTT8mFuDMKA3kNdTw3JZ
2vTce4QELQJBAPClwe40HA9RKHfn5RjEFvvf0rt4/4LU3TAnmWZRuF+KU2JoxSs8
Ue+jx82PeqyH4KAD0tTboJBFt5PJLDz86+ECQHoiydmR7aAY+kkODu1UMuECC6l9
dRl53PhdgLGDhp33hIOiVyzpEcCT8FheM7fQW6HdbOnRM3dQOhDdJhoWfwkCQH+g
GTLAliUVcLXu2VSCIoJgWP2uFSyIwenZBoT6UCLzVHe7gt4ENpw2Ky/8qR25Tkru
3DChbg01vD93kKujo2ECQFQH9eMd1jr8K+/AZKdVUU0Nd3aSq3se+g25bTLBPt7k
x0yYAdd3XrfAys55ujSFEwFL9eGzNWXrBN9S2/yS8kU=
-----END RSA PRIVATE KEY-----

 

-----BEGIN RSA PUBLIC KEY-----
MIGHAoGBAOwJe+zyuYQM/424HiYK/O2id0L7J/PLoNizATqO9Il2Bl7w8CGQ1qDK
hawI0ao0SqlCZdjVR+bGHi10ieh38rJPi5ny+m77KGq6NGXCKWX5P0kK0D4OdRKf
RCI5Xs5UVEySV4ZbQAOvUtSn7BF7hpL/HGhzkYBztSEDLtVnKPqNAgEB
-----END RSA PUBLIC KEY-----

 

-----BEGIN PUBLIC KEY-----
MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDsCXvs8rmEDP+NuB4mCvztondC
+yfzy6DYswE6jvSJdgZe8PAhkNagyoWsCNGqNEqpQmXY1Ufmxh4tdInod/KyT4uZ
8vpu+yhqujRlwill+T9JCtA+DnUSn0QiOV7OVFRMkleGW0ADr1LUp+wRe4aS/xxo
c5GAc7UhAy7VZyj6jQIBAQ==
-----END PUBLIC KEY-----

 

Could you please help me with this?

Thanks in advance.

--

Regards,

Pedro Lopes


smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

Pedro Filipe
Of course, it wasnt generated in a smartcard, so stupid, it was a misunderstanding. I'm generating the key with RSA_generate_key_ex function.
Thanks for your examples, i'll try it.

Blumenthal, Uri - 0553 - MITLL <[hidden email]> escreveu no dia quinta, 13/02/2020 à(s) 18:46:

If you generated a keypair in a smartcard, how did you extract the private key out of it??? The whole point of a smartcard is to prevent that from being possible.

 

So, like Ken suggested, I’ve no idea where the private key you posted was coming from – but reasonably sure it has no relation to what’s in the smartcard.

 

To use keys on the smartcard, you need libp11 package, something like (my test-script uses RSA-PSS, but that doesn’t matter – adjust the OpenSSL parameters):

 

$ pkcs11-rsa-pss-sign-demo2

This is not a CAC

Generating ephemeral file /tmp/derive.20560.text to test RSA-PSS signature...

 

openssl rand -engine rdrand -hex -out /tmp/derive.20560.text 5120

engine "rdrand" set.

 

Signing file /tmp/derive.20560.text...

openssl dgst -engine pkcs11 -keyform engine -sign "pkcs11:manufacturer=piv_II;object=SIGN%20key;type=private" -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out /tmp/derive.20560.text.sig /tmp/derive.20560.text

engine "pkcs11" set.

Enter PKCS#11 token PIN for XXXXXXXXXXXX:

Signature for /tmp/derive.20560.text is stored in /tmp/derive.20560.text.sig

 

Verifying signature:

openssl dgst -engine pkcs11 -keyform engine -verify "pkcs11:manufacturer=piv_II;object=SIGN%20pubkey;type=public" -sha384 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -signature /tmp/derive.20560.text.sig  /tmp/derive.20560.text

engine "pkcs11" set.

Verified OK

 

$

 

IMHO, it is a bad idea to use “rsautl” here – better to follow my example above. But if you must – here it is:

 

$ openssl rand -hex -out /tmp/t.text 24

$ openssl rsautl -engine pkcs11 -keyform engine -sign -inkey "pkcs11:manufacturer=piv_II;object=SIGN%20key;type=private" -in /tmp/t.text -out /tmp/t.text.sig

engine "pkcs11" set.

Enter PKCS#11 token PIN for Blumenthal, Uri (UR20980):

$ openssl rsautl -engine pkcs11 -keyform engine -pubin -verify -inkey "pkcs11:manufacturer=piv_II;object=SIGN%20pubkey;type=public" -in /tmp/t.text.sig

engine "pkcs11" set.

c0e78791e0eb900eb36436da9cd4dcf85619c61a486e4b03

$ cat /tmp/t.text

c0e78791e0eb900eb36436da9cd4dcf85619c61a486e4b03

$

 

 

From: openssl-users <[hidden email]> on behalf of Pedro Lopes <[hidden email]>
Date: Thursday, February 13, 2020 at 12:40 PM
To: openssl-users <[hidden email]>
Subject: Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

 

Hello,

 

I'm generating a key pair in a smartcard (as a session object), then I convert both keys to RSA openssl objects.

 

Then I save both into different files.

I tried use these keys to sign and verify (private encrypts and public decrypts).

When I try to verify the signature, fails with RSA_padding_check_PKCS1_type_1:invalid padding.

 

I run following commands:
echo "test" > "test.txt"
openssl rsautl -sign -in test.txt -inkey privKey.pem -out sig
openssl rsautl -verify -in sig -inkey pubKeyp8.pem -pubin

 

Below pub and priv key:

 

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDsCXvs8rmEDP+NuB4mCvztondC+yfzy6DYswE6jvSJdgZe8PAh
kNagyoWsCNGqNEqpQmXY1Ufmxh4tdInod/KyT4uZ8vpu+yhqujRlwill+T9JCtA+
DnUSn0QiOV7OVFRMkleGW0ADr1LUp+wRe4aS/xxoc5GAc7UhAy7VZyj6jQIDAQAB
AoGBALWREhgSGqy+hvKQN/jRqQBvYkhPBMufzwoCoKZYAzmeZYYw1rcrQD6Nq0fL
vOSttuT+o3OplNarfdk/dToy0qfnDcNqmY3XTQbhn5SG/R8Ye5qFmyP/lZuN4NYI
TGiPO6Dt7y6IUp2inhAUkWcqMlr/5y2Kg6/Mh5CtghuhGriBAkEA+xht1GA7gc/N
pfam97iwlj6EBQUk8sX1UjSHWy5vH6RHNW0w1hDq9PrBYTT8mFuDMKA3kNdTw3JZ
2vTce4QELQJBAPClwe40HA9RKHfn5RjEFvvf0rt4/4LU3TAnmWZRuF+KU2JoxSs8
Ue+jx82PeqyH4KAD0tTboJBFt5PJLDz86+ECQHoiydmR7aAY+kkODu1UMuECC6l9
dRl53PhdgLGDhp33hIOiVyzpEcCT8FheM7fQW6HdbOnRM3dQOhDdJhoWfwkCQH+g
GTLAliUVcLXu2VSCIoJgWP2uFSyIwenZBoT6UCLzVHe7gt4ENpw2Ky/8qR25Tkru
3DChbg01vD93kKujo2ECQFQH9eMd1jr8K+/AZKdVUU0Nd3aSq3se+g25bTLBPt7k
x0yYAdd3XrfAys55ujSFEwFL9eGzNWXrBN9S2/yS8kU=
-----END RSA PRIVATE KEY-----

 

-----BEGIN RSA PUBLIC KEY-----
MIGHAoGBAOwJe+zyuYQM/424HiYK/O2id0L7J/PLoNizATqO9Il2Bl7w8CGQ1qDK
hawI0ao0SqlCZdjVR+bGHi10ieh38rJPi5ny+m77KGq6NGXCKWX5P0kK0D4OdRKf
RCI5Xs5UVEySV4ZbQAOvUtSn7BF7hpL/HGhzkYBztSEDLtVnKPqNAgEB
-----END RSA PUBLIC KEY-----

 

-----BEGIN PUBLIC KEY-----
MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDsCXvs8rmEDP+NuB4mCvztondC
+yfzy6DYswE6jvSJdgZe8PAhkNagyoWsCNGqNEqpQmXY1Ufmxh4tdInod/KyT4uZ
8vpu+yhqujRlwill+T9JCtA+DnUSn0QiOV7OVFRMkleGW0ADr1LUp+wRe4aS/xxo
c5GAc7UhAy7VZyj6jQIBAQ==
-----END PUBLIC KEY-----

 

Could you please help me with this?

Thanks in advance.

--

Regards,

Pedro Lopes



--
Cumprimentos,
Pedro Lopes