On Tue, Sep 27, 2016 at 12:21:52PM +0300, Georgi Guninski wrote:
> Two distinct DSA keys sign a file with the same signature. Is this
> a repudiation issue?
>
> I have two distinct DSA keys k_1 and k_2, p_i are distinct 1024 bit
> primes and q_i are 160 bit primes (easily can be made larger).
> The other parameters of the keys are distinct, counting congruences.
>
> On openssl 1.0.1t they produce exactly the same signature on a file:
>
> $ openssl dgst -sha1 -verify key1.pub -signature file.txt.sig file.txt ;
> openssl dgst -sha1 -verify key2.pub -signature file.txt.sig file.txt
> Verified OK
> Verified OK
>
> In addition I created with them two valid self signed x509 certificates.
>
> The key owners can claim the other one made the signature,
> which appears to be a crypto repudiation issue.
>
> How to try the signatures in other scenarios?
>
> Is this known?
>
> Is this a theoretical weakness in openssl 1.0.1t?
>
> Is this a bug at all?
I tried this using two randomly generated DSA key pairs and couldn't reproduce
your results. I got exactly what I would've expected:

$ openssl dgst -sha1 -verify keyrandom.pub -signature test.sig test
Verified OK
$ openssl dgst -sha1 -verify keyrandom2.pub -signature test.sig test
Verification Failure

You sure your original DSA keys are unique??

This was openssl 1.0.2 on FreeBSD 10.

John
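The check John ran above, verifying one signature against every candidate public key, as an added example that is not part of the thread: a minimal pure-Python DSA verifier (each key carries its own p, q, g, as in Georgi's setup with distinct primes per key) plus a helper that lists every key a signature verifies under, so that more than one match is flagged as a non-attributable signature. The parameters, key names and message are constructed toy values, far too small for real use.

```python
"""Toy DSA verifier plus a multi-key ambiguity check (constructed example)."""
import hashlib
import secrets
from dataclasses import dataclass

# Constructed toy parameters: q = 5003 and p = 2q + 1 = 10007 are both prime,
# and g = 2^2 mod p generates the order-q subgroup.  Not for real use.
P, Q, G = 10007, 5003, 4


@dataclass(frozen=True)
class DsaPublicKey:
    name: str
    p: int
    q: int
    g: int
    y: int


def h(msg: bytes, q: int) -> int:
    """SHA-1 of the message (the thread uses -sha1), reduced into Z_q."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % q


def keygen(name: str, x: int) -> DsaPublicKey:
    """Public key for private exponent x under the shared toy parameters."""
    return DsaPublicKey(name, P, Q, G, pow(G, x, P))


def sign(x: int, msg: bytes) -> tuple[int, int]:
    """Standard DSA signing with a fresh random nonce k; returns (r, s)."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (h(msg, Q) + x * r)) % Q
        if r != 0 and s != 0:
            return r, s


def verify(pub: DsaPublicKey, msg: bytes, sig: tuple[int, int]) -> bool:
    """DSA verification using the parameters bundled with this key."""
    r, s = sig
    if not (0 < r < pub.q and 0 < s < pub.q):
        return False
    w = pow(s, -1, pub.q)
    u1 = (h(msg, pub.q) * w) % pub.q
    u2 = (r * w) % pub.q
    v = (pow(pub.g, u1, pub.p) * pow(pub.y, u2, pub.p) % pub.p) % pub.q
    return v == r


def candidate_signers(pubs, msg: bytes, sig: tuple[int, int]) -> list[str]:
    """Names of every key the signature verifies under; more than one name
    means the signature by itself cannot attribute the file to one owner."""
    return [pub.name for pub in pubs if verify(pub, msg, sig)]
```

A result of exactly one name matches John's outcome ("Verified OK" for one key, "Verification Failure" for the other); two names is the situation Georgi reports.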
