Fwd: Openssl api for signature verification using digest


Fwd: Openssl api for signature verification using digest

Linta Maria
Hi Viktor,

As you suggested, the signature wasn't correct.
With the input below it is still not working.

The public key is read into an EVP_PKEY as follows:

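/*
 * Load the signer's RSA public key from an in-memory PEM string into an
 * EVP_PKEY for later signature verification.
 *
 * vkey must start out NULL: PEM_read_bio_PUBKEY() treats a non-NULL *x as an
 * existing object to reuse, so passing the address of an uninitialised
 * pointer is undefined behaviour.
 */
EVP_PKEY *vkey = NULL;
char PubKey[] = "-----BEGIN PUBLIC KEY-----" "\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEZo8DRHBFBN0w1YYw3w" "\n"
    "C/C/IxCH3WSDCBTZgPux+/Cm+Q+LtSHjxV2x+hHuR8+cWMgFIrpvN0jw1F6g0f3A" "\n"
    "QQvQmPkyIUZGN1C9Da+SEdpc12gZdAOdILUaeiDRNUYXJinbBPQaNGAQIWwuzCuj" "\n"
    "5sjZPrlJYDQ52kq2U86ZNcS/NVRZi+pFB4u0YHHiqJkQYT6yCQjR9Rdvxvjyg9L5" "\n"
    "9petX/xa0tBurw5eTLOC9UlufblJnS7zrVkpoHdtt9rRgDBJ4kTJypeHq0Tybgro" "\n"
    "hhxG1EqdAjoD0OjLV93JWr0DOmwWVE1SoJH/UBbgRXf40hxhdzswgJFWJLIdxfdj" "\n"
    "BwIDAQAB" "\n"
    "-----END PUBLIC KEY-----";

BIO *bio;

/* A length of -1 tells OpenSSL the buffer is NUL-terminated, which avoids
 * narrowing the size_t from strlen() to the int this parameter takes. */
bio = BIO_new_mem_buf(PubKey, -1);
if (bio == NULL) {
    ERR_print_errors_fp(stderr);
} else {
    /* A NULL return means the PEM did not parse; vkey then stays NULL. */
    if (PEM_read_bio_PUBKEY(bio, &vkey, NULL, NULL) == NULL) {
        ERR_print_errors_fp(stderr);
    }
    /* The BIO is only needed while parsing; release it on both outcomes. */
    BIO_free(bio);
}
/* vkey == NULL here means no key was loaded: the verification step must
 * treat that as a failure rather than call into OpenSSL with a NULL key. */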

   

/* Candidate signature under test: 256 bytes, the signature length for a
 * 2048-bit RSA key. The reply later in this thread shows that the raw
 * public-key operation on these bytes with the key above does not produce a
 * PKCS#1-padded block, so a verify call on this pair is expected to fail. */
unsigned char  signew[]={0x14, 0x7e, 0x86, 0x9f, 0xfb, 0x10, 0xc8, 0xa4, 0x98, 0xae, 0xcb, 0xf8, 0xd4, 0xd7, 0xad, 0xf2, 0x18, 0x40, 0xaf, 0x06, 0x85, 0x8a, 0x69, 0xde, 0x29, 0x50, 0xf2, 0x52, 0x1c, 0x01, 0xbc, 0x3c, 0x45, 0x42, 0xb1, 0x32, 0xd8, 0x19, 0xf6, 0xf3, 0x11, 0x39, 0x03, 0xbf, 0x23, 0xfb, 0x5d, 0x97, 0x41, 0xb9, 0x85, 0xaf, 0x31, 0xf8, 0x32, 0x2f, 0xd2, 0xb6, 0x5b, 0xf1, 0x22, 0xfd, 0xda, 0x28, 0x58, 0x6f, 0x45, 0x4b, 0x5c, 0x74, 0xf0, 0x84, 0xf2, 0x1e, 0xfa, 0x33, 0xa3, 0x83, 0x38, 0x9f, 0xcf, 0x71, 0x37, 0x77, 0x6d, 0x86, 0x84, 0xc6, 0x5e, 0x3b, 0x71, 0xf5, 0x29, 0x2a, 0x43, 0xf4, 0x43, 0x38, 0x0a, 0x18, 0xf5, 0xbe, 0x6f, 0x03, 0xd3, 0x16, 0x79, 0x13, 0x89, 0x95, 0xb2, 0xd7, 0x27, 0xcf, 0xd4, 0x2b, 0x6b, 0xa1, 0xbd, 0xe3, 0x8e, 0xac, 0x24, 0x1b, 0xdd, 0x17, 0xf8, 0xe1, 0xf5, 0xb9, 0x5a, 0xd4, 0x97, 0xf4, 0xc3, 0xfc, 0x69, 0xc8, 0x40, 0x30, 0x76, 0x7d, 0x18, 0x7c, 0x58, 0x11, 0x3d, 0x78, 0x27, 0x41, 0xab, 0x1c, 0xd2, 0xd3, 0x5f, 0xe2, 0x94, 0xe1, 0x49, 0xba, 0x6b, 0xd7, 0xbe, 0x3a, 0x9d, 0x86, 0x62, 0xdc, 0xd7, 0x46, 0xae, 0xa3, 0x8e, 0xe1, 0x46, 0x27, 0xbc, 0xb2, 0x31, 0x69, 0xc5, 0x54, 0x15, 0x85,0x74, 0x1a, 0x66, 0x94, 0xa6, 0x68, 0x5e, 0xa2,0x1c, 0x38, 0x3d, 0x84, 0xd8, 0x3f, 0x84, 0x81,0x56, 0xc2, 0x9c, 0xac, 0xef, 0x68, 0xef, 0x68,0x96, 0xb3, 0xd1, 0xa9, 0x3a, 0x43, 0x75, 0xef,0xaf, 0xf2, 0x1b, 0xea, 0x96, 0xb8, 0x23, 0xef,0xa6, 0x09, 0x89, 0x15, 0x52, 0x26, 0xce, 0x1f,0x98, 0x02, 0x83, 0x22, 0x08, 0x60, 0x6c, 0xd9,0x14, 0x64, 0xe8, 0xef, 0x53, 0xea, 0x48, 0x60,0xbb, 0x69, 0x49, 0x64, 0xa3, 0x0d, 0xdb, 0xaa};

           

 

/* 32-byte digest that the signature is checked against.
 * NOTE(review): 32 bytes is the SHA-256 output length, so this is presumably
 * a SHA-256 digest of the signed message; confirm that the digest algorithm
 * configured for verification is the one the signer used. The final element
 * is written 0x4, which is the byte 0x04. */
unsigned char  hashnew[]={0x8f,0x43,0x43,0x46,0x64,0x8f,0x6b,0x96,0xdf,0x89,0xdd,0xa9,0x1c,0x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x27,0xaa,0x4};

 

 

 

 

---------- Forwarded message ---------
From: Viktor Dukhovni <[hidden email]>
Date: Wed 29 Aug, 2018, 11:30 AM
Subject: Re: [openssl-users] Openssl api for signature verification using digest
To: [hidden email] <[hidden email]>




> On Aug 29, 2018, at 1:05 AM, Linta Maria <[hidden email]> wrote:
>
> Still its not working.

The code is working correctly. The real problem is that the PEM
format 2048-bit RSA key you posted:

> ----BEGIN PUBLIC KEY-----
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
> FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
> bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
> yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
> lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
> 09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
> 5QIDAQAB
> -----END PUBLIC KEY-----

is NOT the key that was used to generate the below signature, or
the signature was subsequently altered.

> Signature={ 0x24,0xb8,0xec,0xb4,0x4f,0x31,0xa6,0x8,0x72,0x61,0xc9,0xd3,0x1c,0xd0,0x9b,0xee,0x26,0x2d,0x3d,0xef,0xff,0x2c,0x5,0x78,0x4,0xd3,0xa3,0xff,0xdc,0x97,0x53,0xe6,0x6e,0x85,0x41,0x1b,0xb2,0x2c,0xed,0xbd,0xa6,0x5d,0x6f,0xac,0xbb,0xd5,0xb8,0xa0,0x9,0x2b,0xf1,0xf5,0xb6,0xce,0xdd,0x70,0x8a,0x1a,0xa1,0x20,0x11,0x2b,0xf0,0x17,0x41,0x83,0x80,0xf6,0x61,0xd4,0x6d,0x53,0x8f,0xf1,0x8c,0x19,0x42,0x93,0x96,0xa9,0xb6,0xf2,0x8f,0x27,0x9c,0x66,0x17,0xc5,0xca,0x3d,0xa9,0x3f,0xc5,0x76,0x5f,0x1b,0x31,0xf2,0xd3,0xe,0x78,0x53,0x97,0xcb,0x9d,0xc4,0xe6,0x41,0x61,0x58,0x44,0x5c,0xf5,0xc4,0x67,0x69,0x8,0xa,0x92,0xd5,0x7e,0x9c,0xb9,0x7e,0x54,0x8b,0x8a,0xb,0xa1,0x9a,0x63,0xbf,0xcc,0xed,0x63,0x2c,0xf8,0x14,0x25,0x6,0xa2,0x2,0x0,0x7,0x2e,0x1c,0xc1,0xeb,0x16,0x89,0xaa,0x69,0xe2,0x75,0x57,0x39,0x71,0x68,0xe,0xf,0xa4,0x7a,0xc5,0x14,0x97,0x88,0x67,0xd1,0x36,0x91,0x3b,0x49,0xe7,0xb4,0xf3,0xcb,0xca,0xf6,0xe9,0xb1,0x22,0xe9,0x85,0x89,0xab,0x2,0x4,0x3c,0x2e,0xbd,0x56,0x3,0x8a,0x8b,0x54,0xc6,0xe6,0xed,0x5b,0x4c,0
 xa4,0x9e,0x1b,0xaa,0x90,0xc6,0xb,0x27,0x54,0xc0,0x50,0x5f,0x58,0x97,0xc,0x99,0x5c,0x2,0x74,0xfc,0x9f,0x4c,0x78,0x4e,0xc3,0xb4,0x6d,0x14,0xa1,0xdc,0x62,0xc5,0xfe,0x27,0xb8,0x7d,0x98,0x79,0x82,0x50,0x3a,0xbe,0x6f,0x83,0x79,0xd,0x8a,0xb8,0x3e,0xac,0xa,0xeb,0x62,0xd5,0x5e,0x95}

$ od -tx1 < /tmp/sig
0000000    24  b8  ec  b4  4f  31  a6  08  72  61  c9  d3  1c  d0  9b  ee
0000020    26  2d  3d  ef  ff  2c  05  78  04  d3  a3  ff  dc  97  53  e6
0000040    6e  85  41  1b  b2  2c  ed  bd  a6  5d  6f  ac  bb  d5  b8  a0
0000060    09  2b  f1  f5  b6  ce  dd  70  8a  1a  a1  20  11  2b  f0  17
0000100    41  83  80  f6  61  d4  6d  53  8f  f1  8c  19  42  93  96  a9
0000120    b6  f2  8f  27  9c  66  17  c5  ca  3d  a9  3f  c5  76  5f  1b
0000140    31  f2  d3  0e  78  53  97  cb  9d  c4  e6  41  61  58  44  5c
0000160    f5  c4  67  69  08  0a  92  d5  7e  9c  b9  7e  54  8b  8a  0b
0000200    a1  9a  63  bf  cc  ed  63  2c  f8  14  25  06  a2  02  00  07
0000220    2e  1c  c1  eb  16  89  aa  69  e2  75  57  39  71  68  0e  0f
0000240    a4  7a  c5  14  97  88  67  d1  36  91  3b  49  e7  b4  f3  cb
0000260    ca  f6  e9  b1  22  e9  85  89  ab  02  04  3c  2e  bd  56  03
0000300    8a  8b  54  c6  e6  ed  5b  4c  a4  9e  1b  aa  90  c6  0b  27
0000320    54  c0  50  5f  58  97  0c  99  5c  02  74  fc  9f  4c  78  4e
0000340    c3  b4  6d  14  a1  dc  62  c5  fe  27  b8  7d  98  79  82  50
0000360    3a  be  6f  83  79  0d  8a  b8  3e  ac  0a  eb  62  d5  5e  95

$ openssl rsa -pubin -in /tmp/key
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
5QIDAQAB
-----END PUBLIC KEY-----

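This matches your post, but raw public key encryption of the signature
data does not yield a PKCS1 padded message (a signature made with the
matching private key would come out as 00 01, a run of ff bytes, 00, and
then the encoded digest):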

$ openssl rsautl -encrypt -pubin -inkey /tmp/key -raw -in /tmp/sig | od -tx1
0000000    95  ca  3c  b7  cf  d3  19  3d  1d  4a  29  61  67  59  21  d1
0000020    61  47  9f  09  69  23  cc  05  77  21  e6  5c  12  9b  ed  39
0000040    06  7c  23  51  5f  e3  3f  48  45  df  41  89  2e  d6  92  4a
0000060    bd  b2  e8  36  e6  83  2a  1e  71  5e  5b  97  52  f2  bc  18
0000100    63  3b  45  e0  c1  0a  ec  48  ae  42  a3  e5  46  dc  80  77
0000120    87  19  a0  29  94  e7  33  2a  77  2b  bb  54  39  06  92  ca
0000140    df  b2  21  04  98  d7  cb  16  a6  a0  5b  ac  c3  d8  20  df
0000160    ac  8f  3a  6d  b9  20  7c  cb  52  5e  7f  f8  69  fc  39  7f
0000200    8b  db  c1  16  4c  df  ca  ba  d7  33  5f  8e  21  87  6b  ae
0000220    a8  e1  20  1b  e5  1f  8c  3f  18  2d  b4  c0  0d  66  ec  1e
0000240    f2  7b  78  ab  ad  3c  8c  da  80  24  25  3d  c8  19  ad  48
0000260    b3  21  ca  90  40  ce  dd  22  85  6d  8b  6f  ed  da  77  be
0000300    81  02  d3  d5  5a  ec  fd  9f  6e  4a  52  f1  18  31  d4  e1
0000320    14  43  17  02  ff  74  f8  ee  cf  2c  09  bc  60  d8  65  e3
0000340    3c  c2  e1  a9  09  5e  21  42  d2  0f  4f  aa  d5  75  47  69
0000360    51  f0  87  98  bd  7f  99  83  e1  22  33  56  0b  13  8e  37
0000400

By way of contrast:

$ openssl genrsa -out /tmp/key2.pem 2048 2>/dev/null
$ echo foobar | openssl dgst -sha256 -sign /tmp/key2.pem -out /tmp/sig2
$ openssl rsa -in /tmp/key2.pem -pubout > /tmp/pub2.pem 2>/dev/null
$ openssl rsautl -encrypt -pubin -inkey /tmp/pub2.pem -raw -in /tmp/sig2 | od -vtx1
0000000    00  01  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000020    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000040    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000060    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000100    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000120    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000140    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000160    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000200    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000220    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000240    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000260    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000300    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  00  30  31  30
0000320    0d  06  09  60  86  48  01  65  03  04  02  01  05  00  04  20
0000340    ae  c0  70  64  5f  e5  3e  e3  b3  76  30  59  37  61  34  f0
0000360    58  cc  33  72  47  c9  78  ad  d1  78  b6  cc  df  b0  01  9f
0000400

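Above you see that using the same key for a raw public encrypt as was used
for signing yields content that is PKCS1-padded as expected: 00 01, a run
of ff bytes, a 00 separator, then the DigestInfo header for SHA-256 and the
32-byte digest.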

--
        Viktor.


Re: Fwd: Openssl api for signature verification using digest

Viktor Dukhovni


> On Aug 29, 2018, at 5:53 AM, Linta Maria <[hidden email]> wrote:
>
> As you suggested, signature wasn't correct.
> With below input also it's not working.

Once again, the code is working correctly; the key below did not produce
the posted signature.  Please use "openssl rsautl" as shown in my
previous message to check that the signature matches the code, before
using these to test your code.  There's no use asking for help with
making something work that should not and must not work.

>
> Pubkey is read to evp_PKEY format
>
> EVP_PKEY * vkey;
> char PubKey [] ="-----BEGIN PUBLIC KEY-----""\n"
>             "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEZo8DRHBFBN0w1YYw3w" "\n"
>
>             "C/C/IxCH3WSDCBTZgPux+/Cm+Q+LtSHjxV2x+hHuR8+cWMgFIrpvN0jw1F6g0f3A" "\n"
>
>             "QQvQmPkyIUZGN1C9Da+SEdpc12gZdAOdILUaeiDRNUYXJinbBPQaNGAQIWwuzCuj" "\n"
>
>             "5sjZPrlJYDQ52kq2U86ZNcS/NVRZi+pFB4u0YHHiqJkQYT6yCQjR9Rdvxvjyg9L5" "\n"
>
>             "9petX/xa0tBurw5eTLOC9UlufblJnS7zrVkpoHdtt9rRgDBJ4kTJypeHq0Tybgro" "\n"
>
>             "hhxG1EqdAjoD0OjLV93JWr0DOmwWVE1SoJH/UBbgRXf40hxhdzswgJFWJLIdxfdj" "\n"
>
>             "BwIDAQAB" "\n"
>
>             "-----END PUBLIC KEY-----";
>
>             BIO  *bio;
>
>             bio = BIO_new_mem_buf(PubKey, strlen(PubKey) );
>
>             PEM_read_bio_PUBKEY( bio, &vkey, NULL, NULL );
>
>    
>
> unsigned char  signew[]={0x14, 0x7e, 0x86, 0x9f, 0xfb, 0x10, 0xc8, 0xa4, 0x98, 0xae, 0xcb, 0xf8, 0xd4, 0xd7, 0xad, 0xf2, 0x18, 0x40, 0xaf, 0x06, 0x85, 0x8a, 0x69, 0xde, 0x29, 0x50, 0xf2, 0x52, 0x1c, 0x01, 0xbc, 0x3c, 0x45, 0x42, 0xb1, 0x32, 0xd8, 0x19, 0xf6, 0xf3, 0x11, 0x39, 0x03, 0xbf, 0x23, 0xfb, 0x5d, 0x97, 0x41, 0xb9, 0x85, 0xaf, 0x31, 0xf8, 0x32, 0x2f, 0xd2, 0xb6, 0x5b, 0xf1, 0x22, 0xfd, 0xda, 0x28, 0x58, 0x6f, 0x45, 0x4b, 0x5c, 0x74, 0xf0, 0x84, 0xf2, 0x1e, 0xfa, 0x33, 0xa3, 0x83, 0x38, 0x9f, 0xcf, 0x71, 0x37, 0x77, 0x6d, 0x86, 0x84, 0xc6, 0x5e, 0x3b, 0x71, 0xf5, 0x29, 0x2a, 0x43, 0xf4, 0x43, 0x38, 0x0a, 0x18, 0xf5, 0xbe, 0x6f, 0x03, 0xd3, 0x16, 0x79, 0x13, 0x89, 0x95, 0xb2, 0xd7, 0x27, 0xcf, 0xd4, 0x2b, 0x6b, 0xa1, 0xbd, 0xe3, 0x8e, 0xac, 0x24, 0x1b, 0xdd, 0x17, 0xf8, 0xe1, 0xf5, 0xb9, 0x5a, 0xd4, 0x97, 0xf4, 0xc3, 0xfc, 0x69, 0xc8, 0x40, 0x30, 0x76, 0x7d, 0x18, 0x7c, 0x58, 0x11, 0x3d, 0x78, 0x27, 0x41, 0xab, 0x1c, 0xd2, 0xd3, 0x5f, 0xe2, 0x94, 0xe1, 0x49, 0xba, 0x6b, 0xd7,
  0xbe, 0x3a, 0x9d, 0x86, 0x62, 0xdc, 0xd7, 0x46, 0xae, 0xa3, 0x8e, 0xe1, 0x46, 0x27, 0xbc, 0xb2, 0x31, 0x69, 0xc5, 0x54, 0x15, 0x85,0x74, 0x1a, 0x66, 0x94, 0xa6, 0x68, 0x5e, 0xa2,0x1c, 0x38, 0x3d, 0x84, 0xd8, 0x3f, 0x84, 0x81,0x56, 0xc2, 0x9c, 0xac, 0xef, 0x68, 0xef, 0x68,0x96, 0xb3, 0xd1, 0xa9, 0x3a, 0x43, 0x75, 0xef,0xaf, 0xf2, 0x1b, 0xea, 0x96, 0xb8, 0x23, 0xef,0xa6, 0x09, 0x89, 0x15, 0x52, 0x26, 0xce, 0x1f,0x98, 0x02, 0x83, 0x22, 0x08, 0x60, 0x6c, 0xd9,0x14, 0x64, 0xe8, 0xef, 0x53, 0xea, 0x48, 0x60,0xbb, 0x69, 0x49, 0x64, 0xa3, 0x0d, 0xdb, 0xaa};

$ perl -pe 'chomp; s/(..)/chr(hex($1))/eg' /tmp/sig.hex | od -vtx1
0000000    14  7e  86  9f  fb  10  c8  a4  98  ae  cb  f8  d4  d7  ad  f2
0000020    18  40  af  06  85  8a  69  de  29  50  f2  52  1c  01  bc  3c
0000040    45  42  b1  32  d8  19  f6  f3  11  39  03  bf  23  fb  5d  97
0000060    41  b9  85  af  31  f8  32  2f  d2  b6  5b  f1  22  fd  da  28
0000100    58  6f  45  4b  5c  74  f0  84  f2  1e  fa  33  a3  83  38  9f
0000120    cf  71  37  77  6d  86  84  c6  5e  3b  71  f5  29  2a  43  f4
0000140    43  38  0a  18  f5  be  6f  03  d3  16  79  13  89  95  b2  d7
0000160    27  cf  d4  2b  6b  a1  bd  e3  8e  ac  24  1b  dd  17  f8  e1
0000200    f5  b9  5a  d4  97  f4  c3  fc  69  c8  40  30  76  7d  18  7c
0000220    58  11  3d  78  27  41  ab  1c  d2  d3  5f  e2  94  e1  49  ba
0000240    6b  d7  be  3a  9d  86  62  dc  d7  46  ae  a3  8e  e1  46  27
0000260    bc  b2  31  69  c5  54  15  85  74  1a  66  94  a6  68  5e  a2
0000300    1c  38  3d  84  d8  3f  84  81  56  c2  9c  ac  ef  68  ef  68
0000320    96  b3  d1  a9  3a  43  75  ef  af  f2  1b  ea  96  b8  23  ef
0000340    a6  09  89  15  52  26  ce  1f  98  02  83  22  08  60  6c  d9
0000360    14  64  e8  ef  53  ea  48  60  bb  69  49  64  a3  0d  db  aa
0000400


$ perl -pe 'chomp; s/(..)/chr(hex($1))/eg' /tmp/sig.hex |
  openssl rsautl -inkey /tmp/key.pem -pubin -encrypt -raw |
  od -vtx1
0000000    19  5c  c4  8f  80  35  35  17  c6  17  b9  71  4d  8b  04  a2
0000020    f7  e4  8f  95  dc  1f  5d  15  b8  c2  41  16  78  fd  44  77
0000040    88  c1  b9  46  3d  48  d4  d6  b3  5e  d2  bc  4b  8e  0e  bc
0000060    7d  bb  6d  b5  2b  2d  aa  40  01  a3  5e  48  31  76  a7  23
0000100    1f  90  d4  0a  d3  b1  1a  10  05  a0  c3  49  e7  5e  60  04
0000120    82  02  34  43  d4  90  af  63  0f  90  67  3f  97  2a  e7  9c
0000140    c4  4d  2c  1a  ca  d3  c5  95  9f  d7  92  cd  71  32  b1  60
0000160    28  88  25  7a  ea  58  dd  22  83  f1  cb  4d  a7  39  ab  f3
0000200    4f  d8  b6  7d  e3  a6  74  77  76  73  f5  1f  9e  d3  09  5e
0000220    b3  a1  6f  f8  84  0c  75  14  11  c8  0a  93  32  d7  ea  78
0000240    7c  f3  48  7e  1c  0e  89  77  3d  48  ac  ba  80  fc  b3  01
0000260    f8  84  f4  cc  08  da  98  d7  67  00  9a  b6  f2  9e  38  db
0000300    b4  af  d7  38  ec  0d  f4  06  6a  3f  32  8e  c6  74  88  94
0000320    00  3d  11  fe  e7  f5  96  0c  7e  7a  bf  4c  1b  32  b4  7f
0000340    c3  ae  7e  a3  c9  d5  5b  e9  c5  2d  34  25  31  84  69  3c
0000360    eb  d9  7f  f5  a9  46  12  c3  35  a7  e4  19  68  69  d2  bc
0000400

That's not PKCS1 padding: the output does not start with 00 01 followed by
a run of ff bytes.

--
        Viktor.


Re: Fwd: Openssl api for signature verification using digest

Siti Rafidah
In reply to this post by Linta Maria


All on my phone

Pada 29 Aug 2018, at 17:53, Linta Maria <[hidden email]> menulis:

Hi Viktor,

As you suggested, signature wasn't correct.
With below input also it's not working.

Pubkey is read to evp_PKEY format

EVP_PKEY * vkey;
char PubKey [] ="-----BEGIN PUBLIC KEY-----""\n"

            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEZo8DRHBFBN0w1YYw3w" "\n"

            "C/C/IxCH3WSDCBTZgPux+/Cm+Q+LtSHjxV2x+hHuR8+cWMgFIrpvN0jw1F6g0f3A" "\n"

            "QQvQmPkyIUZGN1C9Da+SEdpc12gZdAOdILUaeiDRNUYXJinbBPQaNGAQIWwuzCuj" "\n"

            "5sjZPrlJYDQ52kq2U86ZNcS/NVRZi+pFB4u0YHHiqJkQYT6yCQjR9Rdvxvjyg9L5" "\n"

            "9petX/xa0tBurw5eTLOC9UlufblJnS7zrVkpoHdtt9rRgDBJ4kTJypeHq0Tybgro" "\n"

            "hhxG1EqdAjoD0OjLV93JWr0DOmwWVE1SoJH/UBbgRXf40hxhdzswgJFWJLIdxfdj" "\n"

            "BwIDAQAB" "\n"

            "-----END PUBLIC KEY-----";

            BIO  *bio;

            bio = BIO_new_mem_buf(PubKey, strlen(PubKey) );

            PEM_read_bio_PUBKEY( bio, &vkey, NULL, NULL );

   

unsigned char  signew[]={0x14, 0x7e, 0x86, 0x9f, 0xfb, 0x10, 0xc8, 0xa4, 0x98, 0xae, 0xcb, 0xf8, 0xd4, 0xd7, 0xad, 0xf2, 0x18, 0x40, 0xaf, 0x06, 0x85, 0x8a, 0x69, 0xde, 0x29, 0x50, 0xf2, 0x52, 0x1c, 0x01, 0xbc, 0x3c, 0x45, 0x42, 0xb1, 0x32, 0xd8, 0x19, 0xf6, 0xf3, 0x11, 0x39, 0x03, 0xbf, 0x23, 0xfb, 0x5d, 0x97, 0x41, 0xb9, 0x85, 0xaf, 0x31, 0xf8, 0x32, 0x2f, 0xd2, 0xb6, 0x5b, 0xf1, 0x22, 0xfd, 0xda, 0x28, 0x58, 0x6f, 0x45, 0x4b, 0x5c, 0x74, 0xf0, 0x84, 0xf2, 0x1e, 0xfa, 0x33, 0xa3, 0x83, 0x38, 0x9f, 0xcf, 0x71, 0x37, 0x77, 0x6d, 0x86, 0x84, 0xc6, 0x5e, 0x3b, 0x71, 0xf5, 0x29, 0x2a, 0x43, 0xf4, 0x43, 0x38, 0x0a, 0x18, 0xf5, 0xbe, 0x6f, 0x03, 0xd3, 0x16, 0x79, 0x13, 0x89, 0x95, 0xb2, 0xd7, 0x27, 0xcf, 0xd4, 0x2b, 0x6b, 0xa1, 0xbd, 0xe3, 0x8e, 0xac, 0x24, 0x1b, 0xdd, 0x17, 0xf8, 0xe1, 0xf5, 0xb9, 0x5a, 0xd4, 0x97, 0xf4, 0xc3, 0xfc, 0x69, 0xc8, 0x40, 0x30, 0x76, 0x7d, 0x18, 0x7c, 0x58, 0x11, 0x3d, 0x78, 0x27, 0x41, 0xab, 0x1c, 0xd2, 0xd3, 0x5f, 0xe2, 0x94, 0xe1, 0x49, 0xba, 0x6b, 0xd7, 0xbe, 0x3a, 0x9d, 0x86, 0x62, 0xdc, 0xd7, 0x46, 0xae, 0xa3, 0x8e, 0xe1, 0x46, 0x27, 0xbc, 0xb2, 0x31, 0x69, 0xc5, 0x54, 0x15, 0x85,0x74, 0x1a, 0x66, 0x94, 0xa6, 0x68, 0x5e, 0xa2,0x1c, 0x38, 0x3d, 0x84, 0xd8, 0x3f, 0x84, 0x81,0x56, 0xc2, 0x9c, 0xac, 0xef, 0x68, 0xef, 0x68,0x96, 0xb3, 0xd1, 0xa9, 0x3a, 0x43, 0x75, 0xef,0xaf, 0xf2, 0x1b, 0xea, 0x96, 0xb8, 0x23, 0xef,0xa6, 0x09, 0x89, 0x15, 0x52, 0x26, 0xce, 0x1f,0x98, 0x02, 0x83, 0x22, 0x08, 0x60, 0x6c, 0xd9,0x14, 0x64, 0xe8, 0xef, 0x53, 0xea, 0x48, 0x60,0xbb, 0x69, 0x49, 0x64, 0xa3, 0x0d, 0xdb, 0xaa};

           

 

unsigned char  hashnew[]={0x8f,0x43,0x43,0x46,0x64,0x8f,0x6b,0x96,0xdf,0x89,0xdd,0xa9,0x1c,0x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x27,0xaa,0x4};

 

 

 

 

---------- Forwarded message ---------
From: Viktor Dukhovni <[hidden email]>
Date: Wed 29 Aug, 2018, 11:30 AM
Subject: Re: [openssl-users] Openssl api for signature verification using digest
To: [hidden email] <[hidden email]>




> On Aug 29, 2018, at 1:05 AM, Linta Maria <[hidden email]> wrote:
>
> Still its not working.

The code is working correctly. The real problem is that the PEM
format 2048-bit RSA key you posted:

> ----BEGIN PUBLIC KEY-----
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
> FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
> bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
> yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
> lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
> 09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
> 5QIDAQAB
> -----END PUBLIC KEY-----

is NOT the key that was used to generate the below signature, or
the signature was subsequently altered.

> Signature={ 0x24,0xb8,0xec,0xb4,0x4f,0x31,0xa6,0x8,0x72,0x61,0xc9,0xd3,0x1c,0xd0,0x9b,0xee,0x26,0x2d,0x3d,0xef,0xff,0x2c,0x5,0x78,0x4,0xd3,0xa3,0xff,0xdc,0x97,0x53,0xe6,0x6e,0x85,0x41,0x1b,0xb2,0x2c,0xed,0xbd,0xa6,0x5d,0x6f,0xac,0xbb,0xd5,0xb8,0xa0,0x9,0x2b,0xf1,0xf5,0xb6,0xce,0xdd,0x70,0x8a,0x1a,0xa1,0x20,0x11,0x2b,0xf0,0x17,0x41,0x83,0x80,0xf6,0x61,0xd4,0x6d,0x53,0x8f,0xf1,0x8c,0x19,0x42,0x93,0x96,0xa9,0xb6,0xf2,0x8f,0x27,0x9c,0x66,0x17,0xc5,0xca,0x3d,0xa9,0x3f,0xc5,0x76,0x5f,0x1b,0x31,0xf2,0xd3,0xe,0x78,0x53,0x97,0xcb,0x9d,0xc4,0xe6,0x41,0x61,0x58,0x44,0x5c,0xf5,0xc4,0x67,0x69,0x8,0xa,0x92,0xd5,0x7e,0x9c,0xb9,0x7e,0x54,0x8b,0x8a,0xb,0xa1,0x9a,0x63,0xbf,0xcc,0xed,0x63,0x2c,0xf8,0x14,0x25,0x6,0xa2,0x2,0x0,0x7,0x2e,0x1c,0xc1,0xeb,0x16,0x89,0xaa,0x69,0xe2,0x75,0x57,0x39,0x71,0x68,0xe,0xf,0xa4,0x7a,0xc5,0x14,0x97,0x88,0x67,0xd1,0x36,0x91,0x3b,0x49,0xe7,0xb4,0xf3,0xcb,0xca,0xf6,0xe9,0xb1,0x22,0xe9,0x85,0x89,0xab,0x2,0x4,0x3c,0x2e,0xbd,0x56,0x3,0x8a,0x8b,0x54,0xc6,0xe6,0xed,0x5b,0x4c,0
 xa4,0x9e,0x1b,0xaa,0x90,0xc6,0xb,0x27,0x54,0xc0,0x50,0x5f,0x58,0x97,0xc,0x99,0x5c,0x2,0x74,0xfc,0x9f,0x4c,0x78,0x4e,0xc3,0xb4,0x6d,0x14,0xa1,0xdc,0x62,0xc5,0xfe,0x27,0xb8,0x7d,0x98,0x79,0x82,0x50,0x3a,0xbe,0x6f,0x83,0x79,0xd,0x8a,0xb8,0x3e,0xac,0xa,0xeb,0x62,0xd5,0x5e,0x95}

$ od -tx1 < /tmp/sig
0000000    24  b8  ec  b4  4f  31  a6  08  72  61  c9  d3  1c  d0  9b  ee
0000020    26  2d  3d  ef  ff  2c  05  78  04  d3  a3  ff  dc  97  53  e6
0000040    6e  85  41  1b  b2  2c  ed  bd  a6  5d  6f  ac  bb  d5  b8  a0
0000060    09  2b  f1  f5  b6  ce  dd  70  8a  1a  a1  20  11  2b  f0  17
0000100    41  83  80  f6  61  d4  6d  53  8f  f1  8c  19  42  93  96  a9
0000120    b6  f2  8f  27  9c  66  17  c5  ca  3d  a9  3f  c5  76  5f  1b
0000140    31  f2  d3  0e  78  53  97  cb  9d  c4  e6  41  61  58  44  5c
0000160    f5  c4  67  69  08  0a  92  d5  7e  9c  b9  7e  54  8b  8a  0b
0000200    a1  9a  63  bf  cc  ed  63  2c  f8  14  25  06  a2  02  00  07
0000220    2e  1c  c1  eb  16  89  aa  69  e2  75  57  39  71  68  0e  0f
0000240    a4  7a  c5  14  97  88  67  d1  36  91  3b  49  e7  b4  f3  cb
0000260    ca  f6  e9  b1  22  e9  85  89  ab  02  04  3c  2e  bd  56  03
0000300    8a  8b  54  c6  e6  ed  5b  4c  a4  9e  1b  aa  90  c6  0b  27
0000320    54  c0  50  5f  58  97  0c  99  5c  02  74  fc  9f  4c  78  4e
0000340    c3  b4  6d  14  a1  dc  62  c5  fe  27  b8  7d  98  79  82  50
0000360    3a  be  6f  83  79  0d  8a  b8  3e  ac  0a  eb  62  d5  5e  95

$ openssl rsa -pubin -in /tmp/key
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH
FnrhDLZaCmQvZz57uJHhBLwLk/UAJ+kLKV9Lox8eKfimzisPFBad/TUfwPUaQmji
bPKCp+or2EHvPFooOnPWjSd57zPCohDdo0nOLw7iTUOMCvoqvJcdor+t1zBb8MQK
yNTycuoGlT19lr8msJFtR+ulfKucj/zk5w/jr0SsxysqFsvtEfa62Wu/wSDYIfsq
lKlRGLTlqJNtQybtTVv2Uu2KFrbe0C8+FBkxgtBS+0MkhzpJ37/02J+mHFx1bsgN
09QnQY+T05te+6/mmlsHP3PYRqXqJOLl9AkLd/9kiMhSFshowFehKmls9PYt1xGf
5QIDAQAB
-----END PUBLIC KEY-----

Which match your post, but raw public key encryption of the signature
data does not yield a PKCS1 padded message:

$ openssl rsautl -encrypt -pubin -inkey /tmp/key -raw -in /tmp/sig | od -tx1
0000000    95  ca  3c  b7  cf  d3  19  3d  1d  4a  29  61  67  59  21  d1
0000020    61  47  9f  09  69  23  cc  05  77  21  e6  5c  12  9b  ed  39
0000040    06  7c  23  51  5f  e3  3f  48  45  df  41  89  2e  d6  92  4a
0000060    bd  b2  e8  36  e6  83  2a  1e  71  5e  5b  97  52  f2  bc  18
0000100    63  3b  45  e0  c1  0a  ec  48  ae  42  a3  e5  46  dc  80  77
0000120    87  19  a0  29  94  e7  33  2a  77  2b  bb  54  39  06  92  ca
0000140    df  b2  21  04  98  d7  cb  16  a6  a0  5b  ac  c3  d8  20  df
0000160    ac  8f  3a  6d  b9  20  7c  cb  52  5e  7f  f8  69  fc  39  7f
0000200    8b  db  c1  16  4c  df  ca  ba  d7  33  5f  8e  21  87  6b  ae
0000220    a8  e1  20  1b  e5  1f  8c  3f  18  2d  b4  c0  0d  66  ec  1e
0000240    f2  7b  78  ab  ad  3c  8c  da  80  24  25  3d  c8  19  ad  48
0000260    b3  21  ca  90  40  ce  dd  22  85  6d  8b  6f  ed  da  77  be
0000300    81  02  d3  d5  5a  ec  fd  9f  6e  4a  52  f1  18  31  d4  e1
0000320    14  43  17  02  ff  74  f8  ee  cf  2c  09  bc  60  d8  65  e3
0000340    3c  c2  e1  a9  09  5e  21  42  d2  0f  4f  aa  d5  75  47  69
0000360    51  f0  87  98  bd  7f  99  83  e1  22  33  56  0b  13  8e  37
0000400

By way of contrast:

$ openssl genrsa -out /tmp/key2.pem 2048 2>/dev/null
$ echo foobar | openssl dgst -sha256 -sign /tmp/key2.pem -out /tmp/sig2
$ openssl rsa -in /tmp/key2.pem -pubout > /tmp/pub2.pem 2>/dev/null
$ openssl rsautl -encrypt -pubin -inkey /tmp/pub2.pem -raw -in /tmp/sig2 | od -vtx1
0000000    00  01  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000020    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000040    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000060    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000100    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000120    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000140    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000160    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000200    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000220    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000240    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000260    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff
0000300    ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  ff  00  30  31  30
0000320    0d  06  09  60  86  48  01  65  03  04  02  01  05  00  04  20
0000340    ae  c0  70  64  5f  e5  3e  e3  b3  76  30  59  37  61  34  f0
0000360    58  cc  33  72  47  c9  78  ad  d1  78  b6  cc  df  b0  01  9f
0000400

Above you see that using the same key for a raw public encrypt as was used
for signing, yields content that is PKCS1-padded as expected.

--
        Viktor.
