I need to recover the message from an RSA signature.
I tried the following but it does not work:
//***************************************************************************
RSA::PublicKey Kpub;
Kpub.Load(FileSource("kpub.bin", true));
DWORD signatureLen;
BYTE *signature = ReadFromDisk("signature.bin", &signatureLen); // then
signatureLen=0x80
RSASS<PSSR, SHA>::Verifier verifier(Kpub);
//maxLen is then 0x56!!!
long maxLen =
verifier.MaxRecoverableLengthFromSignatureLength(signatureLen);
SecByteBlock recovered(maxLen);
DecodingResult result = verifier.RecoverMessage(recovered, NULL, 0,
signature, signatureLen);
bool r = result.isValidCoding; // then r=0 -> invalid coding
unsigned int recoveredLen = result.messageLength; // then recoveredLen=0
//***************************************************************************
I tried to recover it using openssl:
openssl rsautl -inkey kpub.bin -pubin -keyform DER -in signature.bin -raw
-verify -hexdump
Loading 'screen' into random state - done
0000 - 6a 0c 19 a2 aa 1b c9 8a-32 84 a2 bb 7e a3 1b 45
0010 - 5d 35 d8 26 b4 92 ac a9-2c 03 f8 99 19 00 3b c9
0020 - 38 ee 32 93 20 9f c2 a1-2d 32 63 9d 76 94 89 ac
0030 - af 09 70 22 c8 ee 8b a1-ed e5 16 54 c9 c1 ab 54
0040 - 6d b4 b3 cd 95 e4 84 1f-69 8f a1 ab 5d e2 24 25
0050 - 28 cb 7b c1 4d 06 34 6b-2e e7 d3 d9 3a c2 8e 80
0060 - e7 cf 19 a7 69 b1 a9 62-93 fa 62 ac 60 02 7b 6c
0070 - 67 c4 28 2c 7a 62 4e 59-cc 31 25 7b 80 f5 a0 bc
-> this corresponds to the message (I know what the original message for
this sample is).
How can I do in crypto++ to get the same result as in openssl??
The maxLen is 0x56, which is smaller than the message (0x80 bytes). Could
this be the problem?
Could it be that using RSASS<PSSR, SHA> is the problem? Should other
algorithm be used instead?
As a reference, this is the data I used:
Public Key kpub.bin (RSA1024):
30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01
05 00 03 81 8d 00 30 81 89 02 81 81 00 ea 75 94
cc 50 db 57 54 45 5e d3 07 73 21 a4 a5 f5 ae 2e
b7 e1 b1 7b f9 56 f0 76 a9 b4 18 da 89 f5 a3 28
1e 0b 0a 1c 42 1b cc 9c 9a 6a c2 58 67 2d 33 d1
02 7e b1 cc 3b 91 27 de 9d c5 0f 71 03 99 41 6c
05 f2 a8 44 dc 75 4a 96 2c a9 12 67 11 ed de 7e
e8 0b 1d 2b 2a b7 3f b2 22 71 9f 86 29 b8 1a de
38 4d 9b 89 60 54 32 22 20 7e 30 45 0b d6 b7 5c
46 80 6d 6b 3e e3 6e da 1b d9 6c 98 e1 02 03 01
00 01
Signature signature.bin:
db 44 27 b6 e0 6b 4e 1c a8 c6 31 59 a8 1e 16 54
d3 38 e3 5a 19 c1 53 62 40 f2 4a e9 b1 74 e0 e4
d8 fa 6a 52 5e 5f 07 8f 25 7f b9 43 08 67 8c b2
02 e8 4b 2b c2 d7 dd ba 04 28 c0 ac 8e a5 bf 6c
0d 86 86 7c ad d7 ea 83 40 84 10 ca 1d b5 1f 5e
96 d0 85 fa 93 84 45 44 05 05 b2 55 1c cf 97 24
a9 ba 40 e2 0e d7 fc 60 12 54 c7 c1 43 c2 1f ca
48 26 11 b7 86 0b e4 da 4e 4b ff 45 c5 46 2e f9
