PKCS7 and RSA_verify

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
ch
Reply | Threaded
Open this post in threaded view
|

PKCS7 and RSA_verify

ch
Hello!

I am working on a tool for verifying SMIME-messages.
Because cms and smime is only able to verify base64 pkcs7-signatures I
try to do it "manually" and I now have a problem with the signing-timestamp.

Lets do an example:

openssl smime -sign -md sha1  -in plain.txt  -inkey mykey -signer
mycert  -noattr  -outform der | openssl asn1parse -inform der

If I put plain.txt and the 128 byte signature (from asn1parse out of the
pkcs7) into RSA_verify it works perfectly.
Every call would produce the same signature-hexdump.

But if I remove the -noattr the signature-value will be different every
second and then RSA_verify it not working anymore.

How can I handle this?

Thanks!

Chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 and RSA_verify

Dr. Stephen Henson
On Thu, Sep 28, 2017, ch wrote:

> Hello!
>
> I am working on a tool for verifying SMIME-messages.
> Because cms and smime is only able to verify base64 pkcs7-signatures
> I try to do it "manually" and I now have a problem with the
> signing-timestamp.
>

I'm not sure what you mean by "only able to verify base64 pkcs7-signatures"
it can handle PEM and DER forms too.

> Lets do an example:
>
> openssl smime -sign -md sha1  -in plain.txt  -inkey mykey -signer
> mycert  -noattr  -outform der | openssl asn1parse -inform der
>
> If I put plain.txt and the 128 byte signature (from asn1parse out of
> the pkcs7) into RSA_verify it works perfectly.
> Every call would produce the same signature-hexdump.
>
> But if I remove the -noattr the signature-value will be different
> every second and then RSA_verify it not working anymore.
>
> How can I handle this?
>

When you don't use attributes the signature is over performed over the
content. If you use attributes then the signature is over the encoding of a
bunch of attributes including a signing time and the digest of the content.
Because the signing time changes the data being signed in the attributes
changes too.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
ch
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 and RSA_verify

ch
Hello!

Thanks for the support.

On 2017-09-28 01:06, Dr. Stephen Henson wrote:

> On Thu, Sep 28, 2017, ch wrote:
>
>> Hello!
>>
>> I am working on a tool for verifying SMIME-messages.
>> Because cms and smime is only able to verify base64 pkcs7-signatures
>> I try to do it "manually" and I now have a problem with the
>> signing-timestamp.
>>
> I'm not sure what you mean by "only able to verify base64 pkcs7-signatures"
> it can handle PEM and DER forms too.
If the pkcs-signature is binary encoded it is not working for verifiying
a SMIME-message in my experience with
smime or cms-smime on the console. I tried to convert the binary ones to
base64 but that does not everytime the trick.

>
>> Lets do an example:
>>
>> openssl smime -sign -md sha1  -in plain.txt  -inkey mykey -signer
>> mycert  -noattr  -outform der | openssl asn1parse -inform der
>>
>> If I put plain.txt and the 128 byte signature (from asn1parse out of
>> the pkcs7) into RSA_verify it works perfectly.
>> Every call would produce the same signature-hexdump.
>>
>> But if I remove the -noattr the signature-value will be different
>> every second and then RSA_verify it not working anymore.
>>
>> How can I handle this?
>>
> When you don't use attributes the signature is over performed over the
> content. If you use attributes then the signature is over the encoding of a
> bunch of attributes including a signing time and the digest of the content.
> Because the signing time changes the data being signed in the attributes
> changes too.
Would PKCS7_verify (or something else) handle that for me or do I need
to consider that different
content with RSA_verify?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

Again, thanks for the support!
chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 and RSA_verify

Verhelst Wouter (Consultant)
On 28-09-17 01:19, ch wrote> If the pkcs-signature is binary encoded it
is not working for verifiying
> a SMIME-message in my experience with
> smime or cms-smime on the console. I tried to convert the binary ones to
> base64 but that does not everytime the trick.

What you call "base64" is commonly known as "PEM" :-)

You can get it to parse binary, but to do so you need to specify
"-inform der".

--
Wouter Verhelst
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
ch
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 and RSA_verify

ch
Hi!

I thought the difference between PEM and DER is NOT ONLY a different
encoding of the string?
base64 vs. binary

So to understand that clear please let me ask:
If I convert a PEM-signature from base64 to binary then it is DER?

Thanks
Chris

On 2017-09-28 11:23, Wouter Verhelst wrote:

> On 28-09-17 01:19, ch wrote> If the pkcs-signature is binary encoded it
> is not working for verifiying
>> a SMIME-message in my experience with
>> smime or cms-smime on the console. I tried to convert the binary ones to
>> base64 but that does not everytime the trick.
> What you call "base64" is commonly known as "PEM" :-)
>
> You can get it to parse binary, but to do so you need to specify
> "-inform der".
>

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 and RSA_verify

Sam Roberts
On Thu, Sep 28, 2017 at 2:28 AM, ch <[hidden email]> wrote:
> Hi!
>
> I thought the difference between PEM and DER is NOT ONLY a different
> encoding of the string?
> base64 vs. binary
>
> So to understand that clear please let me ask:
> If I convert a PEM-signature from base64 to binary then it is DER?

Yes. Well, technically it could be BER as well, but the main point is
PEM is just a wrapper to transport binary via email safe text, and you
can unwrap it if you want. PEM also includes a header, so you know if
the object is a cert, a key, an encrypted message, etc, meta-data
which is not known if you just have the binary chunk.


>
> Thanks
> Chris
>
> On 2017-09-28 11:23, Wouter Verhelst wrote:
>>
>> On 28-09-17 01:19, ch wrote> If the pkcs-signature is binary encoded it
>> is not working for verifiying
>>>
>>> a SMIME-message in my experience with
>>> smime or cms-smime on the console. I tried to convert the binary ones to
>>> base64 but that does not everytime the trick.
>>
>> What you call "base64" is commonly known as "PEM" :-)
>>
>> You can get it to parse binary, but to do so you need to specify
>> "-inform der".
>>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: PKCS7 and RSA_verify

lists-161
On 10/01/2017 01:27 AM, Sam Roberts wrote:

> On Thu, Sep 28, 2017 at 2:28 AM, ch <[hidden email]> wrote:
>> Hi!
>>
>> I thought the difference between PEM and DER is NOT ONLY a different
>> encoding of the string?
>> base64 vs. binary
>>
>> So to understand that clear please let me ask:
>> If I convert a PEM-signature from base64 to binary then it is DER?
> Yes. Well, technically it could be BER as well, but the main point is
> PEM is just a wrapper to transport binary via email safe text, and you
> can unwrap it if you want. PEM also includes a header, so you know if
> the object is a cert, a key, an encrypted message, etc, meta-data
> which is not known if you just have the binary chunk.

Indeed, PEM for S/MIME looks like

-----BEGIN PKCS7-----
<base64 of DER SMIME>
-----END PKCS7-----

so you must add the header ("-----BEGIN PKCS7-----") and the trailer

>> Thanks
>> Chris
>>
>> On 2017-09-28 11:23, Wouter Verhelst wrote:
>>> On 28-09-17 01:19, ch wrote> If the pkcs-signature is binary encoded it
>>> is not working for verifiying
>>>> a SMIME-message in my experience with
>>>> smime or cms-smime on the console. I tried to convert the binary ones to
>>>> base64 but that does not everytime the trick.
>>> What you call "base64" is commonly known as "PEM" :-)
>>>
>>> You can get it to parse binary, but to do so you need to specify
>>> "-inform der".
>>>
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users