RSA-SHA1 Digest


RSA-SHA1 Digest

WCR

Hi All

I have two simple questions that perhaps someone can answer.

        1. Does OpenSSL version 0.9.8e allow one to produce an SHA1 digest with RSA?
        2. If so, can I do it from a command line or do I need to link the libraries?

I think an SHA1 digest with RSA returns a string of length 28 Bytes but I
get 40 Bytes when I use the command:  openssl dgst -sha1 -key mykey.pem
mydata.txt > mydigest.out (I want 28 bytes)

Can anyone help with samples etc.?

TIA
David


Re: RSA-SHA1 Digest

juliusdavies
Hi, David,

I don't quite understand.  Are you trying to sign something?  If you're
trying to sign something, then it looks like this (please excuse my
pseudo-code!):

byte[] twentyBytes = sha1( input );
byte[] signature = rsaEncrypt( privateKey, twentyBytes );

In other words, you can use RSA to encrypt the 20 byte sha1 digest.
But the output of the RSA encryption is going to be larger than 20
bytes!  (Unless you use a very small RSA key - 160 bits?).

Using a 2048 bit RSA private key, my output was 256 bytes (2048 bits).

$ openssl dgst -sha1 -sign samples/rsa/openssl_rsa_unencrypted.pem -hex README.txt
SHA1(README.txt)=

yours,

Julius


--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/commons-ssl/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: RSA-SHA1 Digest

WCR
Hi Julius

Thank you for your prompt reply.  I hope you can help me, I'll try to
explain it better.

I need to generate a soap envelope, see a correct example attached. Example
message has been provided by the service provider along with a digital
certificate in pkcs#12 file 10698.p12 also attached.

This is what I'm doing:

First: Convert 10698.p12 to 10698.pem
openssl pkcs12 -in 10698.p12 -out 10698.pem -passin file:10698.psw -nodes
Then I can stuff my message with the X509Token. So far so good.

Next: I create a digest of my data object #MsgBody. The input to the SHA1
digest function is the text between and including the two elements:

<EdiCustomsDeclaration .....> </EdiCustomsDeclaration> see attached example.

I have tried both:
openssl dgst -sha1 mydata.txt > mydigest.out
- and -
openssl dgst -sha1 -key 10698.pem mydata.txt > mydigest.out

No matter what text is input, the result is always 40 bytes long. In all
examples given to me, they are always 28 bytes long. I thought at first it
was because I had not used the -key 10698.pem in the first command line, but
both results were the same.

The next step is to sign it.  The signature lengths vary so no problem there
yet, but my digest should be 28 bytes not 40 bytes.

I must be missing something or perhaps I need a holiday.
Any suggestions, even holiday ones, would be appreciated :-)

David





Re: RSA-SHA1 Digest

juliusdavies
The 40 bytes you're seeing might actually be 20 bytes:

9699dc843a1608b4

That's 8 bytes, not 16.

If all the examples you've seen produce 28 byte digests, they are
probably using sha224.

$ echo "28 * 8" | bc
224

:-)


Try using "openssl dgst -sha224" instead of sha1.


yours,

Julius



RE: RSA-SHA1 Digest

WCR
Julius

You're probably pointing me in the right direction.

I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte
character string. My problem now is I can't use it in my xml message because
of invalid characters.

If I try "openssl enc -base64" the output is 40bytes.

Is there another step I need to take to get a valid string?

Thank you for your time.
David


Re: RSA-SHA1 Digest

Goetz Babin-Ebell

Hello David,

WCR wrote:
> Julius
>
> You're probably pointing me in the right direction.
Not really.

> I tried "openssl dgst -sha224" and yes I got a 56byte hex string / 28byte
> character string. My problem now is I can't use it in my xml message because
> of invalid characters.
>
> If I try "openssl enc -base64" the output is 40bytes.
>
> Is there another step I need to take to get a valid string?

Doing digest and sign in two steps is very unusual.
Usually you process the digest and generate the signature
in one step.

If you only want a raw base64 encoded signature (no PKCS#7)
you do the following:

openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt
openssl enc -base64 -in sig.bin -out signature.b64

1st step: digest and sign data
2nd step: convert generated binary signature into base64
With a 1024 bit RSA key the file is 175 bytes long (containing
3 line feeds)

In a program the first step is done with the functions
EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and
EVP_SignFinal()

Bye

Goetz

Re: RSA-SHA1 Digest

juliusdavies
I think I finally understand.  This isn't 28 bytes:

<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

That's 20 bytes of base64 encoded bytes.

So you really are using sha1.

yours,

Julius



RE: RSA-SHA1 Digest

WCR
Julius,

I'm a bit slow and a newbie, but this looks to me like a 28 byte string not
20?
Can you explain please.

<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

also Goetz,

> Doing digest and sign in two steps is very unusual.
> Usually you process the digest and generate the signature
> in one step.

Unfortunately, I think I do need both the digest and the signature to stuff
my xml message as in example attached in previous posts.

Thank you both for your patience.

David



Re: RSA-SHA1 Digest

juliusdavies
If you take the data inside here and base64 decode it, you end up with 20 bytes.

<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

$ echo 'sXD2SsGQxI7DDFMwHwONxjGOaoI=' | openssl base64 -d | hexdump -C
00000000  b1 70 f6 4a c1 90 c4 8e  c3 0c 53 30 1f 03 8d c6
00000010  31 8e 6a 82

The result is twenty bytes - you can count them.  :-)

b1 70 f6 4a c1 90 c4 8e  c3 0c 53 30 1f 03 8d c6 31 8e 6a 82


yours,

Julius



--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
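
The command-line route to both values discussed so far (Goetz's two-command signing recipe and Julius's base64 decode), as an added example that is not part of any post in the thread. The function names, file names and the throwaway 1024-bit key are assumptions made for the example; the key size is chosen only to reproduce the 175-byte figure Goetz quotes.

```shell
#!/bin/sh
# Added example: the SHA-1 digest and the RSA-SHA1 signature of one file, each
# in the encodings that caused the confusion in this thread.
# All file names and the key are constructed for the demonstration.

# Hex text as printed by "openssl dgst -sha1": 40 characters for 20 bytes.
sha1_hex() {
    openssl dgst -sha1 -hex "$1" | sed 's/^.*=[[:space:]]*//'
}

# Base64 of the raw 20-byte digest: 28 characters, the shape of ds:DigestValue.
sha1_b64() {
    openssl dgst -sha1 -binary "$1" | openssl enc -base64
}

# Decode a base64 string and print the bytes as hex, to compare both forms.
b64_to_hex() {
    printf '%s\n' "$1" | openssl enc -base64 -d | od -An -tx1 | tr -d ' \n'
}

# Goetz's two commands: digest and sign in one step, then base64 the result.
# usage: sign_b64 KEY.pem DATA SIG.bin SIG.b64
sign_b64() {
    openssl dgst -sha1 -sign "$1" -out "$3" "$2" &&
    openssl enc -base64 -in "$3" -out "$4"
}

# Check a binary signature with the public key; exit status 0 means it matches.
# usage: verify_sig PUB.pem DATA SIG.bin
verify_sig() {
    openssl dgst -sha1 -verify "$1" -signature "$3" "$2"
}

# Throwaway key pair. 1024 bits only to match the size quoted in the thread;
# real keys should be 2048 bits or more.
make_demo_key() {
    openssl genrsa -out "$1" 1024 2>/dev/null &&
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed input. For the SOAP envelope in the thread this file would
    # have to hold the canonicalized bytes named by ds:Transform instead.
    printf 'constructed sample data\n' > "$dir/data.txt"
    make_demo_key "$dir/key.pem" "$dir/pub.pem" || return 1
    sign_b64 "$dir/key.pem" "$dir/data.txt" "$dir/sig.bin" "$dir/sig.b64" || return 1

    b64=$(sha1_b64 "$dir/data.txt")
    echo "hex digest     : $(sha1_hex "$dir/data.txt")"
    echo "base64 digest  : $b64"
    echo "base64 decoded : $(b64_to_hex "$b64")"
    echo "signature      : $(wc -c < "$dir/sig.bin" | tr -d ' ') bytes raw," \
         "$(wc -c < "$dir/sig.b64" | tr -d ' ') bytes as base64 text"
    verify_sig "$dir/pub.pem" "$dir/data.txt" "$dir/sig.bin"
    rm -rf "$dir"
}

demo
```

The digest length depends only on the hash (20 bytes for SHA-1), while the signature length depends only on the RSA key size.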

Re: RSA-SHA1 Digest

Goetz Babin-Ebell

Hello David,

WCR wrote:
> also Goetz,
>
>> Doing digest and sign in two steps is very unusual.
>> Usually you process the digest and generate the signature
>> in one step.
>
> Unfortunately, I think I do need both the digest and the signature to stuff
> my xml message as in example attached in previous posts.

If you really need the digest and the signature,
you can do a EVP_MD_CTX_copy() before signing:

[...]
   EVP_MD_CTX *ctx_work, *ctx_dgst;
   ctx_work = EVP_MD_CTX_create();
   ctx_dgst = EVP_MD_CTX_create();
   unsigned char  dgst_data[EVP_MAX_MD_SIZE];
   unsigned int   dgst_size = 0;                   /* set by EVP_DigestFinal() */
   unsigned int   sign_size = EVP_PKEY_size(key);  /* upper bound, set by EVP_SignFinal() */
   unsigned char *sign_data = OPENSSL_malloc(sign_size);

[...]
   error = EVP_SignInit(ctx_work,EVP_sha1());

   while((length = read_data(buffer)) > 0)
      error = EVP_SignUpdate(ctx_work,buffer,length);

[...]
   /* copy the hash state so the digest can be read without finalizing ctx_work */
   error = EVP_MD_CTX_copy_ex(ctx_dgst,ctx_work);

   /* raw digest (20 bytes for SHA1) from the copy */
   error = EVP_DigestFinal(ctx_dgst,dgst_data,&dgst_size);
   EVP_MD_CTX_destroy(ctx_dgst);

   /* signature over the same data from the working context */
   error = EVP_SignFinal(ctx_work,sign_data,&sign_size,key);
   EVP_MD_CTX_destroy(ctx_work);

[...]
   OPENSSL_free(sign_data);
[...]

WARNING:
this code is untested.
It was written from my memory how openssl works and
after consulting some man pages of the development head.
Release versions may have a slightly different interface...

Bye

Goetz
RE: RSA-SHA1 Digest

WCR
Hi Julius

I'm beginning to get this now, but I still have a problem :-((

How do I obtain this result
sXD2SsGQxI7DDFMwHwONxjGOaoI=
from the data object in the soap envelope?

Shouldn't it be the SHA1 digest of the text between
<soapenv:Body Id="MsgBody">... in here ...</soapenv:Body>

Then, is this a SHA1 with RSA digest instead of SHA1? If so, how does
OPENSSL know this if the key is not used on the command line?

Also, Goetz says that one normally digests & signs in one step, but I need
to retrieve the digest as well as the signature value.

Any ideas?

David

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header><wsse:Security
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
    <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary"
Id="X509Token" ValueType="wsse:X509v3">
      MIIC6TCCAdGgAwIBAgIRAKJBsnHLRuiGajUMvwYJh+IwDQYJKoZIhvcNAQEFBQAw
      ZTELMAkGA1UEBhMCSUUxHjAcBgNVBAoTFVJldmVudWUgQ29tbWlzc2lvbmVyczEg
      MB4GA1UECxMXUmV2ZW51ZSBPbi1MaW5lIFNlcnZpY2UxFDASBgNVBAMTC1JPUyBS
      U0EgQ0EyMB4XDTA2MTAyMzEyMzI1M1oXDTA4MTAyMjEyMzI1M1owTjEWMBQGA1UE
      AxMNQURNSU5JU1RSQVRPUjETMBEGA1UECxMKMTg1OTgxMzI5NTESMBAGA1UEChMJ
      S0lORyBDT05HMQswCQYDVQQGEwJJRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
      gYEA9PlKOv3ZuTmiT4XsFSPBrduB3SZzu2bJvlgOK+MSDsbc2hRmJqZuzqRFGvCm
      J3kFyB2Sy5QX3XzYNjsqkb8gmYr/7pjZ1WzDx5aoAj+t4XWn07VkuPi30KJUQpbe
      IDO2Gebh0wcakdRDILeix3KxZRmjy0ts21vf/oqCyeX8tf8CAwEAAaMvMC0wCwYD
      VR0PBAQDAgbAMB4GA1UdEQQXMBWBE2FueWJvZHlAYWRkcmVzcy5jb20wDQYJKoZI
      hvcNAQEFBQADggEBAG30/xBilQzr34w912WMC8qV7xP1GkgMKmw+ioVWd0GlK3ny
      twuXIazF8C2y58zV4/oGI3gU2gzYKHb4g8Z6RJMvbwLCYzHqwbkTJ9KQe2mM6NT5
      uENFKIqgi3fsyCGNRlhYOYZBZBcpCyS9umcfEclAHnLu9V5fCwqsYODxriGvoNG0
      YE0vNx1Qgy3EL5y7M4P7FiSz3ajV1qv7DpBrGT2KSSR9WYwNm8+F/znPsD6Dh3d/
      /+TzJzABX/QhEQWPNfUE95gnBVRkdaARMtDTA8QgyPHxAdSCu6ktshQfoy7W1qAO
      sNBv+q0dfL9WojnqIJGcKsc6UtaC0YWNKTDZ6wo=
    </wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#MsgBody">
          <ds:Transforms>
            <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>sXD2SsGQxI7DDFMwHwONxjGOaoI=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
        QnZ9BIpAwFYaF55BsZrzenrqGwOnmH+2N1dTXd1UgNumZnr0O1yJWFtwwEHbhhaQ
        C05xJvV0HY1rCBqfHCGw83rGpcGfAHrHMzVS9fncR7xqUGDVAPtb89ywji3RjxwN
        W2IxRvHDJt8VrNHZPZn/wVlGlJdseCDW11Qdotm6yDU=
      </ds:SignatureValue>
      <ds:KeyInfo>
        <wsse:SecurityTokenReference>
          <wsse:Reference URI="#X509Token"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature></wsse:Security> </soapenv:Header>
 <soapenv:Body Id="MsgBody"><EdiCustomsDeclaration
xsi:schemaLocation="http://www.ros.ie/schemas/customs/edisad/v1
C:\AEP\schemas\schemas\sadedifact\schema.xsd"
xmlns="http://www.ros.ie/schemas/customs/edisad/v1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><![CDATA[UNB+UNOC:3+CA
E00043270+REV.IE+070220:1252+070220125247'UNH+0022466+CUSDEC:D:96B:UN:IEA001
'BGM+22:105::EXA++X12'LOC+35+IE'LOC+36+SG'LOC+42+IEDUB100'LOC+14+
'LOC+22+IEDUB100'LOC+18+:::IE00'GIS+
:160'GIS+1:146'EQD+CN+TRLU4621596'FTX+ACB++1D24+200701050100'RFF+ABI:43270'R
FF+AAS:804550'TDT+12++1+++++:::TRLU4621596'TDT+11++1+++++::::IE'NAD+CZ+VAT82
26392B'NAD+CN+++HEWLETT PACKARD COMPANY FAR EST LTD+450 ALEXANDRA ROAD
SINGAORE
11960+SINGAPORE+++SG'NAD+DT+CAE00043270'MOA+39:53251.50:USD'UNS+D'CST+1+4817
2000'LOC+27+IE'MEA+WT+AAA+KGR:6100.000'MEA+AAS++SPU:10.000'PAC+1++CT:67'PCI+
28+1 PCS ADDR'MOA+123:40332.88'RFF+ACE:'RFF+CW::1'IMD+E'FTX+AAA+++PAPER
PRODUCTS'DOC+N935+804550'GIS+001:PII'GIS+000:117::1000'UNS+S'CNT+5:1'UNT+38+
0022466'UNZ+1+070220125247']]></EdiCustomsDeclaration> </soapenv:Body>
</soapenv:Envelope>

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Julius Davies
Sent: 27 February 2007 17:37
To: [hidden email]
Subject: Re: RSA-SHA1 Digest


If you take the data inside here and base64 decode it, you end up with 20
bytes.

<ds:DigestValue>
sXD2SsGQxI7DDFMwHwONxjGOaoI=
</ds:DigestValue>

$ echo 'sXD2SsGQxI7DDFMwHwONxjGOaoI=' | openssl base64 -d | hexdump -C
00000000  b1 70 f6 4a c1 90 c4 8e  c3 0c 53 30 1f 03 8d c6
00000010  31 8e 6a 82

The result is twenty bytes - you can count them.  :-)

b1 70 f6 4a c1 90 c4 8e  c3 0c 53 30 1f 03 8d c6 31 8e 6a 82


yours,

Julius


On 2/27/07, WCR <[hidden email]> wrote:
> Julius,
>
> I'm a bit slow and a newbie, but this looks to me like a 28 byte string
not

> 20?
> Can you explain please.
>
> <ds:DigestValue>
> sXD2SsGQxI7DDFMwHwONxjGOaoI=
> </ds:DigestValue>
>
> also Goetz,
>
> > Doing digest and sign in two steps is very unusual.
> > Usually you process the digest and generate the signature
> > in one step.
>
> Unfortunately, I think I do need both the digest and the signature to
stuff

> my xml message as in example attached in previous posts.
>
> Thank you both for your patience.
>
> David
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of Julius Davies
> Sent: 26 February 2007 22:30
> To: [hidden email]
> Subject: Re: RSA-SHA1 Digest
>
>
> I think I finally understand.  This isn't 28 bytes:
>
> <ds:DigestValue>
> sXD2SsGQxI7DDFMwHwONxjGOaoI=
> </ds:DigestValue>
>
> That's 20 bytes of base64 encoded bytes.
>
> So you really are using sha1.
>
> yours,
>
> Julius
>
>
> On 2/26/07, Goetz Babin-Ebell <[hidden email]> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello David,
> >
> > WCR wrote:
> > > Julius
> > >
> > > You're probably pointing me in the right direction.
> > Not really.
> >
> > > I tried "openssl dgst -sha224" and yes I got a 56byte hex string /
> 28byte
> > > character string. My problem now is I can't use it in my xml message
> because
> > > of invalid characters.
> > >
> > > If I try "openssl enc -base64" the output is 40bytes.
> > >
> > > Is there another step I need to take to get a valid string?
> >
> > Doing digest and sign in two steps is very unusual.
> > Usually you process the digest and generate the signature
> > in one step.
> >
> > If you only want a raw base64 encoded signature (no PKCS#7)
> > You do the following:
> >
> > openssl dgst -sha1 -sign key.pem -out sig.bin datatobesigned.txt
> > openssl enc -base64 -in sig.bin -out signature.b64
> >
> > 1st step: digest and sign data
> > 2nd step: convert generated binary signature into base64
> > With a 1024 bit RSA key the file is 175 bytes long (containing
> > 3 line feeds)
> >
> > In a program the first step is done with the functions
> > EVP_SignInit() (or EVP_SignInit_ex()), EVP_SignUpdate() and
> > EVP_SignFinal()
> >
> > Bye
> >
> > Goetz
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (GNU/Linux)
> > Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
> >
> > iD8DBQFF4yvP2iGqZUF3qPYRAus7AJ9sTTd9kSvDYMOLjL88da0Rm/G8pACcD7qR
> > zHll0H48SpOrutZJ036eycE=
> > =S40W
> > -----END PGP SIGNATURE-----
> >
>
>
> --
> yours,
>
> Julius Davies
> 416-652-0183
> http://juliusdavies.ca/
>
>
>
>


--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/

Re: RSA-SHA1 Digest

Goetz Babin-Ebell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello David,

WCR wrote:
> I'm beginning to get this now, but I still have a problem :-((
>
> How do I obtain this result
> sXD2SsGQxI7DDFMwHwONxjGOaoI=
> from the data object in the soap envelope?
For that you have to study the SOAP / XMLDSIG documentation.

> Shouldn't it be the SHA1 digest of the text between
> <soapenv:Body Id="MsgBody">... in here ...</soapenv:Body>
That seems to be the data you have to digest.
But it might be possible you have to normalize it before
you can calculate the digest.
As I mentioned above: you have to consult the
SOAP / XMLDSIG documentation
(or somebody who knows how to sign SOAP data...)

> Then, is this a SHA1 with RSA digest instead of SHA1. If so, how does
> OPENSSL know this if the key is not used on the command line.

No.
At first it is only SHA1.
Only after you have done the RSA signature it is SHA1 with RSA.

> Also, Goetz says that one normally digests & signs in one step, but I need
> to retrieve the digest as well as the signature value.

There are two possibilities:
* on the command line call openssl dgst twice:
  - once to calculate the SHA1 digest
  - once to calculate the signature.
* use the program fragment I posted earlier.
  (You still have to do the base64 encoding)

Doing signing on a pre-calculated SHA1 digest is not possible on
the command line interface.

Bye

Goetz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFF7FeH2iGqZUF3qPYRAnPYAJ4sCu1kq5g54r6WuFsqTLowLusTTACfbhPK
0DKgu9pBxkxlUFWPCNFUwtA=
=v1u0
-----END PGP SIGNATURE-----
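
Added example, not part of the original posts: the two-call approach from the reply above (one `openssl dgst` call for the digest, one for the signature, each followed by base64), run on a constructed stand-in for the SOAP body with a throwaway key. The file names and sample body are assumptions, and no XML canonicalization is done, so the values will not match a real XMLDSIG message.

```shell
#!/bin/sh
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample input (assumption; NOT canonicalized XML).
printf '%s' '<soapenv:Body Id="MsgBody">constructed sample</soapenv:Body>' \
    > "$WORK/body.xml"

# Throwaway 2048-bit RSA key pair; file names are assumptions.
openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
openssl rsa -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null

# Call 1: plain SHA-1, no key involved. 20 raw bytes become 28 base64 chars.
digest_b64() {
    openssl dgst -sha1 -binary "$1" | openssl enc -base64
}

# Call 2: digest and sign in one step, then base64 the binary signature.
signature_b64() {
    openssl dgst -sha1 -sign "$1" "$2" | openssl enc -base64 -A
}

# Decode a base64 value and report how many raw bytes it carries.
raw_len() {
    printf '%s\n' "$1" | openssl enc -base64 -d -A | wc -c | tr -d ' '
}

# Check a base64 signature against the data using the public key.
verify_b64() {
    printf '%s\n' "$3" | openssl enc -base64 -d -A > "$WORK/sig.bin"
    openssl dgst -sha1 -verify "$1" -signature "$WORK/sig.bin" "$2" \
        >/dev/null 2>&1
}

DIGEST=$(digest_b64 "$WORK/body.xml")
SIG=$(signature_b64 "$WORK/key.pem" "$WORK/body.xml")

echo "digest:    ${#DIGEST} chars, $(raw_len "$DIGEST") raw bytes: $DIGEST"
echo "signature: ${#SIG} chars, $(raw_len "$SIG") raw bytes"
verify_b64 "$WORK/pub.pem" "$WORK/body.xml" "$SIG" && echo "signature verifies"
```

The signature length follows the key size (256 raw bytes for a 2048-bit key), while the digest length is fixed by SHA-1.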

RE: RSA-SHA1 Digest

WCR
Hi Goetz

Your comments have been very helpful.
I've had a look at the SOAP/XMLDSIG documentation and realise, as you
suggested, that I must normalize / canonicalize the data between the tags
<soapenv:Body Id="MsgBody"> and </soapenv:Body> before digesting.

Do you know of any utilities I can get/buy to do this?

My deadline is nearly up and I'm in trouble.

Regards
David

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Goetz Babin-Ebell
Sent: 05 March 2007 17:47
To: [hidden email]
Subject: Re: RSA-SHA1 Digest


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello David,

WCR wrote:
> I'm beginning to get this now, but I still have a problem :-((
>
> How do I obtain this result
> sXD2SsGQxI7DDFMwHwONxjGOaoI=
> from the data object in the soap envelope?
For that you have to study the SOAP / XMLDSIG documentation.

> Shouldn't it be the SHA1 digest of the text between
> <soapenv:Body Id="MsgBody">... in here ...</soapenv:Body>
That seems to be the data you have to digest.
But it might be possible you have to normalize it before
you can calculate the digest.
As I mentioned above: you have to consult the
SOAP / XMLDSIG documentation
(or somebody who knows how to sign SOAP data...)

> Then, is this a SHA1 with RSA digest instead of SHA1. If so, how does
> OPENSSL know this if the key is not used on the command line.

No.
At first it is only SHA1.
Only after you have done the RSA signature it is SHA1 with RSA.

> Also, Goetz says that one normally digests & signs in one step, but I need
> to retrieve the digest as well as the signature value.

There are two possibilities:
* on the command line call openssl dgst twice:
  - once to calculate the SHA1 digest
  - once to calculate the signature.
* use the program fragment I posted earlier.
  (You still have to do the base64 encoding)

Doing signing on a pre-calculated SHA1 digest is not possible on
the command line interface.

Bye

Goetz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFF7FeH2iGqZUF3qPYRAnPYAJ4sCu1kq5g54r6WuFsqTLowLusTTACfbhPK
0DKgu9pBxkxlUFWPCNFUwtA=
=v1u0
-----END PGP SIGNATURE-----

Re: [openssl-users] RE: RSA-SHA1 Digest

Erwann ABALEA
Hello,

Today is the day before the Nones of March 2007; WCR wrote:
> Your comments have been very helpful.
> I've had a look at the SOAP/XMLDSIG documentation and realise, as you
> suggested, that I must normalize / canonicalize the data between the tags
> <soapenv:Body Id="MsgBody"> and </soapenv:Body> before digesting.
>
> Do you know of any utilities I can get/buy to do this?

Instead of reinventing the wheel, why haven't you started with the
xmlsec library? It can use OpenSSL, if you need it.

--
Erwann ABALEA <[hidden email]>
-----
When uncertain, or in doubt, run in circles and scream.

RE: [openssl-users] RE: RSA-SHA1 Digest

WCR
Hi Erwann

I've tried to download the Windows binaries but it bounces.

http://xmlsoft.org/sources/win32/

David

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Erwann ABALEA
Sent: 06 March 2007 13:37
To: [hidden email]
Subject: Re: [openssl-users] RE: RSA-SHA1 Digest


Hello,

Today is the day before the Nones of March 2007; WCR wrote:
> Your comments have been very helpful.
> I've had a look at the SOAP/XMLDSIG documentation and realise, as you
> suggested, that I must normalize / canonicalize the data between the tags
> <soapenv:Body Id="MsgBody"> and </soapenv:Body> before digesting.
>
> Do you know of any utilities I can get/buy to do this?

Instead of reinventing the wheel, why haven't you started with the
xmlsec library? It can use OpenSSL, if you need it.

--
Erwann ABALEA <[hidden email]>
-----
When uncertain, or in doubt, run in circles and scream.