Unfortunately I'm unable to reproduce. The signature you provided
verifies fine with that private key.

/tmp ❯❯❯ openssl dgst -verify dsa.key -signature test.sig test.txt
Verified OK
/tmp ❯❯❯ cat dsa.key
-----BEGIN PUBLIC KEY-----
MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJeeE6sU5RBpDfNHj9J9abda8TYkBZNB
tnWBfPvsqsuiMpqPWOrs5N9m5kKZuKSF639XlHVKeCCh+k1YfOw02qZuP7w8Q8v8
7FrMW5b9o35DeqGDlHyjYCdYRnDjM7Gs8VfAl1+8PCb1AbOhscF/ojP5lrqjn9m2
XbAHe+afCRLXAhUA9krLBVX+ckL7mb+KrhD3JehLGHsCgYB3jMw4QDHsQDnRVZoo
+NeAe5LkJeZbPMOrxHQ6H9LX0kKuAo1lZarkql3ACWyVLo9ytb2KPDCw4r0Itaj1
C742ty8FjlreC/E8vsArflV5joUyx7hlmV8Xuirpp2E0rC/feUXJ/zbnpGCcvrA8
23h8UZ2ehQoGnj1tfBBihk7ivQOBhAACgYB6SxCTS+tyieOJImPQz9lTfAbNW9rt
Gzm2+FycGRGJJrL6XbjcC2N/h4x6KCgCedPli1CrHAcT+f5ZrIMYYK7VzT3IE0wl
t/cikMJ2fFvvNalh9WpvyBbjm8t40LrdjRxN+iIYmpo+eA4rZLPAjPb+8wwZXuGD
9m7ImaBf203q5A==
-----END PUBLIC KEY-----
/tmp ❯❯❯ cat test.sig | xxd
00000000: 302e 0215 00c6 ca52 72c6 592c e778 24cd  0......Rr.Y,.x$.
00000010: bd30 16ff 3a32 395b a302 1500 b024 a83e  .0..:29[.....$.>
00000020: 3e26 8a98 41d6 fffd fe98 8524 19fd fe12  >&..A......$....
/tmp ❯❯❯ cat test.txt
Je tente de signer un message un peu plus gros que le precedent⏎

Alex

On Tue, Mar 11, 2025 at 7:53 AM Bruno Martin <bruno.mar...@i3s.unice.fr> wrote:
>
> Hello,
>
> I'd like to show the interoperability between openssl 3.4.1 and Python 
> 3.13/cryptography 44.0.1 library (which generally works). I signed with DSA a 
> short message using Python/Cryptography with:
>
> message (in French): Je tente de signer un message un peu plus gros que le 
> precedent
>
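> from cryptography.hazmat.primitives import hashes
> from cryptography.hazmat.primitives.asymmetric import utils
>
> def sign(message, sk):
>   # Hash the message ourselves, then sign the digest as pre-hashed input
>   chosen_hash = hashes.SHA256()
>   hasher = hashes.Hash(chosen_hash)
>   hasher.update(message)
>   digest = hasher.finalize()
>   signature = sk.sign(
>     digest, utils.Prehashed(chosen_hash)
>   )
>   return signature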
>
> with the DSA key
>
> -----BEGIN PRIVATE KEY-----
> MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAJeeE6sU5RBpDfNHj9J9abda8TYk
> BZNBtnWBfPvsqsuiMpqPWOrs5N9m5kKZuKSF639XlHVKeCCh+k1YfOw02qZuP7w8
> Q8v87FrMW5b9o35DeqGDlHyjYCdYRnDjM7Gs8VfAl1+8PCb1AbOhscF/ojP5lrqj
> n9m2XbAHe+afCRLXAhUA9krLBVX+ckL7mb+KrhD3JehLGHsCgYB3jMw4QDHsQDnR
> VZoo+NeAe5LkJeZbPMOrxHQ6H9LX0kKuAo1lZarkql3ACWyVLo9ytb2KPDCw4r0I
> taj1C742ty8FjlreC/E8vsArflV5joUyx7hlmV8Xuirpp2E0rC/feUXJ/zbnpGCc
> vrA823h8UZ2ehQoGnj1tfBBihk7ivQQXAhUAmeKg5l0VXaVoBLsLH6c0vpC4uBs=
> -----END PRIVATE KEY-----
>
> The signature of the message is saved as a byte array in a file test.sig.
>
> The verification with openssl fails with the message Verification failure 
> after the command
>         openssl dgst -verify dsa_public_key.pem -signature test.sig test.txt
>
> I ASN.1 decoded the pyca signature which prints
>
>         RSAPrivateKey SEQUENCE (2 items)
>         version Version INTEGER (160 bit)
>         modulus INTEGER (160 bit)
>
> And the same decoding holds as well for a signature obtained with OpenSSL 
> (with different values) but the latter is successfully verified. Below are 
> two DSA signatures of the message in base64
>
> pyca: MC4CFQDGylJyxlks53gkzb0wFv86MjlbowIVALAkqD4+JoqYQdb//f6YhSQZ/f4S
> openssl : MC4CFQCq1x7axNVxFr7Y7fR/TZRBHHEMWQIVAKOkA3I6y1gEzBHBA/Ng99JIDeMs
>
> I asked the question on crypto stackexchange with two comments: one replying 
> that the openssl verification works on python3.10.6/pyca3.4.8 on Ubuntu22.04; the 
> other confirms that OpenSSL accepts the openssl signature but refuses the 
> pyca signature with Verification failure.
>
> Thanks in advance for any answer/explanation of this failure and direct 
> replies since I am not a subscriber of the list.
>
>         Bruno Martin
>
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev



-- 
All that is necessary for evil to succeed is for good people to do nothing.