Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.
Ah, that worked, thanks. https://gerrit.asterisk.org/c/asterisk/+/18534 > On May 6, 2022, at 12:43 AM, Tomas Mraz wrote: > > Please look at > demos/signature/rsa_pss_direct.c > > If you want to use the old PKCS1 v1.5 padding then just replace > RSA_PKCS1_PSS_PADDING with RSA_PKCS1_PADDING. > > Tomas > > On Thu, 2022-05-05 at 10:35 -0600, Philip Prindeville wrote: >> Bonjour. Et milles mercis. >> >> That was helpful. >> >> One more question: if I want to reproduce RSA_sign() (and >> RSA_verify()) using evp_key_sign() and evp_key_verify() then I'll >> need add code to do the ASN.1 marshaling, right? There's no >> convenience function to do that (seems like an oversight if that's >> the case)? >> >> -Philip >> >> >>> On May 4, 2022, at 3:45 AM, Erwann Abalea >>> wrote: >>> >>> Bonjour, >>> >>> The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 >>> padding for signature operations. >>> PKCS#1v1.5 is rewritten in RFC2313. >>> >>> Using the command line tool, you can reproduce this: >>> >>> echo -n "Mary had a little lamb." > datatosign >>> >>> either one of the following can be used to sign data: >>> openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > >>> signing >>> openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst >>> -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing >>> >>> and you can display the signature either way (this will not >>> "verify", it will only perform the RSA verify operation with >>> PKCS#1v1.5 padding, without checking the validity or even if what >>> has been signed is a DigestInfo structure, and output the result of >>> the RSA operation): >>> openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in >>> signing -asn1parse >>> openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub - >>> pubin -in signing -asn1parse >>> >>> or you can actually verify the thing without displaying the result >>> of the RSA verify crypto operation: >>> openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in >>> <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt >>> digest:sha1 >>> openssl dgst -verify tests/keys/rsa_key1.pub -signature signing - >>> sha1 datatosign >>> >> > > -- > Tomáš Mráz, OpenSSL > >
Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.
Please look at demos/signature/rsa_pss_direct.c If you want to use the old PKCS1 v1.5 padding then just replace RSA_PKCS1_PSS_PADDING with RSA_PKCS1_PADDING. Tomas On Thu, 2022-05-05 at 10:35 -0600, Philip Prindeville wrote: > Bonjour. Et milles mercis. > > That was helpful. > > One more question: if I want to reproduce RSA_sign() (and > RSA_verify()) using evp_key_sign() and evp_key_verify() then I'll > need add code to do the ASN.1 marshaling, right? There's no > convenience function to do that (seems like an oversight if that's > the case)? > > -Philip > > > > On May 4, 2022, at 3:45 AM, Erwann Abalea > > wrote: > > > > Bonjour, > > > > The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 > > padding for signature operations. > > PKCS#1v1.5 is rewritten in RFC2313. > > > > Using the command line tool, you can reproduce this: > > > > echo -n "Mary had a little lamb." > datatosign > > > > either one of the following can be used to sign data: > > openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > > > signing > > openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst > > -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing > > > > and you can display the signature either way (this will not > > "verify", it will only perform the RSA verify operation with > > PKCS#1v1.5 padding, without checking the validity or even if what > > has been signed is a DigestInfo structure, and output the result of > > the RSA operation): > > openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in > > signing -asn1parse > > openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub - > > pubin -in signing -asn1parse > > > > or you can actually verify the thing without displaying the result > > of the RSA verify crypto operation: > > openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in > > <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt > > digest:sha1 > > openssl dgst -verify tests/keys/rsa_key1.pub -signature signing - > > sha1 datatosign > > > -- Tomáš Mráz, OpenSSL
Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.
Bonjour. Et milles mercis. That was helpful. One more question: if I want to reproduce RSA_sign() (and RSA_verify()) using evp_key_sign() and evp_key_verify() then I'll need add code to do the ASN.1 marshaling, right? There's no convenience function to do that (seems like an oversight if that's the case)? -Philip > On May 4, 2022, at 3:45 AM, Erwann Abalea wrote: > > Bonjour, > > The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding > for signature operations. > PKCS#1v1.5 is rewritten in RFC2313. > > Using the command line tool, you can reproduce this: > > echo -n "Mary had a little lamb." > datatosign > > either one of the following can be used to sign data: > openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing > openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 > -binary datatosign) -sign -pkeyopt digest:sha1 > signing > > and you can display the signature either way (this will not "verify", it will > only perform the RSA verify operation with PKCS#1v1.5 padding, without > checking the validity or even if what has been signed is a DigestInfo > structure, and output the result of the RSA operation): > openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing > -asn1parse > openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in > signing -asn1parse > > or you can actually verify the thing without displaying the result of the RSA > verify crypto operation: > openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl > dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1 > openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 > datatosign >
Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.
Bonjour, The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding for signature operations. PKCS#1v1.5 is rewritten in RFC2313. Using the command line tool, you can reproduce this: echo -n "Mary had a little lamb." > datatosign either one of the following can be used to sign data: openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing and you can display the signature either way (this will not "verify", it will only perform the RSA verify operation with PKCS#1v1.5 padding, without checking the validity or even if what has been signed is a DigestInfo structure, and output the result of the RSA operation): openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse or you can actually verify the thing without displaying the result of the RSA verify crypto operation: openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1 openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign On Wed, May 4, 2022 at 7:16 AM Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > Hi, > > I did the following in trying to build some validation steps to use > against my own rewrite of the crypto functions in Asterisk (to use > EVP-PKEY). > > % echo -n "Mary had a little lamb." | openssl sha1 -binary > digest > > % od -t x1 digest > 000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04 > 020 bd ef 57 00 > 024 > > % openssl rsautl -sign -inkey tests/keys/rsa_key1.key -pkcs -in digest > > signing > > % openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in > signing > digest2 > > % od -t x1 digest > 000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04 > 020 bd ef 57 00 > 024 > > And all of that looks good. > > But when I take the result of calling: > > const char msg[] = "Mary had a little lamb."; > unsigned msglen = sizeof(msg) - 1; > char digest[20]; > > /* Calculate digest of message */ > SHA1((unsigned char *)msg, msglen, digest); > > res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, , > key->rsa); > > And write that (dsig, siglen) to a file (signing2) and then try to verify > that, I get very different results: > > openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in > signing2 -asn1parse > 0:d=0 hl=2 l= 33 cons: SEQUENCE > 2:d=1 hl=2 l= 9 cons: SEQUENCE > 4:d=2 hl=2 l= 5 prim: OBJECT:sha1 >11:d=2 hl=2 l= 0 prim: NULL >13:d=1 hl=2 l= 20 prim: OCTET STRING > - 4e 07 b8 c7 aa f2 a4 ed-4c e3 9e 76 f6 5d 2a 04 > N...L..v.]*. > 0010 - bd ef 57 00 ..W. > > Why is RSA_sign() wrapping the signature in ASN.1? > > Or, put a different way, how do I reproduce what RSA_sign() is doing from > the command line? > > Is there another command that does RSA signing besides rsautl? > > Thanks, > > -Philip > > > -- Cordialement, Erwann Abalea.