any way to debug signature verification failure?


any way to debug signature verification failure?

john guerrero
i have a signature that fails verification.

openssl dgst -sha1 -verify public.pem -signature sigfile myfile
Verification Failure

this one particular pair (sigfile, myfile) fails verification out of a
group of 500,000 pairs which all succeed.

there are at least 2 possibilities for this that i can think of:
1. it was signed with a different key
2. something corrupted the variable holding the signature before it made
it to disk

is there some way of looking at the hex of the signature and
distinguishing between these 2 possibilities?

i have enough other checks to verify that the file and signature were
not tampered with since they were originally written.

thanks,
jlg
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: any way to debug signature verification failure?

Dr. Stephen Henson
On Wed, Nov 23, 2005, john guerrero wrote:

> i have a signature that fails verification.
>
> openssl dgst -sha1 -verify public.pem -signature sigfile myfile
> Verification Failure
>
> this one particular pair (sigfile, myfile) fails verification out of a
> group of 500,000 pairs which all succeed.
>
> there are at least 2 possibilities for this that i can think of:
> 1. it was signed with a different key
> 2. something corrupted the variable holding the signature before it made
> it to disk
>
> is there some way of looking at the hex of the signature and
> distinguishing between these 2 possibilities?
>
> i have enough other checks to verify that the file and signature were
> not tampered with since they were originally written.
>

Try:

openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse

if you get an error message about invalid block type it could be the wrong key
or possibly a corrupted signature. Otherwise if you get some readable output
it will tell you the digest it is expecting to see.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: any way to debug signature verification failure?

john guerrero
hi steve,

ok, i tried:
openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse

and got:
RSA operation error
15946:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
15946:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:580:

i'm interpreting this to be the "invalid block type" that you mentioned
earlier...so it's either a corrupted signature or else it was signed
with a different key.  i got this same error when trying both keys that
i have.

is my understanding correct?

as for "readable output", do you mean something like this?  (which i got
from a known good combination)
    0:d=0  hl=2 l=  33 cons: SEQUENCE
    2:d=1  hl=2 l=   9 cons:  SEQUENCE
    4:d=2  hl=2 l=   5 prim:   OBJECT            :sha1
   11:d=2  hl=2 l=   0 prim:   NULL
   13:d=1  hl=2 l=  20 prim:  OCTET STRING
<snip>


thanks,
jlg



Re: any way to debug signature verification failure?

Dr. Stephen Henson
On Tue, Nov 29, 2005, john guerrero wrote:

> hi steve,
>
> ok, i tried:
> openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse
>
> and got:
> RSA operation error
> 15946:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
> type is not 01:rsa_pk1.c:100:
> 15946:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
> failed:rsa_eay.c:580:
>
> i'm interpreting this to be the "invalid block type" that you mentioned
> earlier...so it's either a corrupted signature or else it was signed
> with a different key.  i got this same error when trying both keys that
> i have.
>
> is my understanding correct?
>

Those are by far the most likely possibilities.

There is an outside chance that it's a bug in OpenSSL which produces an invalid
signature or causes the verify to fail.

If you are pretty sure it was signed with one of those keys then you can check
that out by attempting to sign the data again using each key and comparing the
signature to the original.

If you get a match then it's an OpenSSL bug.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
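Both of Steve's checks replayed in Python as an added example (not code from this thread or from OpenSSL): the PKCS#1 type 1 padding check behind `rsautl -verify -asn1parse`, which separates a "block type is not 01" result (wrong key or mangled signature) from a readable DigestInfo whose digest simply does not match the file, and the deterministic re-sign comparison from his second reply. The keys are constructed toy RSA keys built from Mersenne primes, an assumption standing in for the thread's public.pem and its private counterpart; the sample payload and the flipped signature bit are constructed too.

```python
import hashlib

SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DER DigestInfo prefix for SHA-1

def toy_keypair(p_exp, q_exp, e=65537):
    # Constructed toy key from Mersenne primes 2^p_exp-1 and 2^q_exp-1 (521, 607, 1279 are prime).
    # Trivially factorable: it only serves to exercise the padding check, never for real signing.
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def sign_sha1(priv, data):
    # EMSA-PKCS1-v1_5 encoding 00 01 FF..FF 00 || DigestInfo, then the private RSA operation
    n, d = priv
    k = (n.bit_length() + 7) // 8
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def diagnose(pub, sig, data):
    # Replays, step by step, what `rsautl -verify -asn1parse` and `dgst -verify` check.
    # Returns (status, digest the signature expects as hex, or None if it cannot be recovered).
    n, e = pub
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":              # RSA_padding_check_PKCS1_type_1: "block type is not 01"
        return "block-type-not-01", None   # wrong key or mangled signature; nothing more to read
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return "bad-padding", None
    t = em[sep + 1:]
    if not t.startswith(SHA1_PREFIX) or len(t) != len(SHA1_PREFIX) + 20:
        return "bad-digestinfo", None
    expected = t[len(SHA1_PREFIX):].hex()   # the OCTET STRING that -asn1parse lets you read
    return ("ok" if expected == hashlib.sha1(data).hexdigest() else "digest-mismatch"), expected

def demo():
    data = b"constructed sample payload\n"
    pub1, priv1 = toy_keypair(521, 607)
    pub2, priv2 = toy_keypair(607, 1279)
    sig = sign_sha1(priv1, data)
    corrupted = sig[:-1] + bytes([sig[-1] ^ 0x01])   # one flipped bit before the signature hit disk
    return {
        "good": diagnose(pub1, sig, data)[0],
        "other_file": diagnose(pub1, sig, data + b"x")[0],   # padding fine, expected digest readable
        "wrong_key": diagnose(pub2, sig, data)[0],
        "corrupted": diagnose(pub1, corrupted, data)[0],
        # Steve's second check: v1.5 signing is deterministic, so re-signing with the right key matches
        "resign_key1": sign_sha1(priv1, data) == sig,
        "resign_key2": sign_sha1(priv2, data) == sig,
    }
```

Only the "other_file" case yields a readable DigestInfo; the wrong-key and corrupted cases both stop at the block-type check, which is why the thread could not tell those two apart from the signature bytes alone.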