Hello, I am developing a webapp that will handle very basic authentication using client certificates. A user will access a webpage and the server will respond with a nonce (s-nonce). The client will then generate a random nonce (c-nonce) and compute and transmit the following back to the server:

    Sign(SHA1(s-nonce || c-nonce)), SPKI

The SPKI is the signer's Subject Public Key Info. The client will sign the SHA1 with a private key that has an associated certificate. I'm currently using NSS/XPIDL to expose the cryptographic functionality to content JavaScript. The NSS software that I've been using for computing signatures is this:

    /* myCert is a CERTCertificate *; signature and hash are SECItem structs
       and have proper values at this point */
    secuPWData *pwdata = (secuPWData *) malloc(sizeof(secuPWData));
    pwdata->source = PW_NONE;   /* no password source; avoid passing uninitialised memory */
    pwdata->data = NULL;
    privk = PK11_FindKeyByAnyCert(myCert, pwdata);
    PK11_Sign(privk, &signature, &hash);

This works correctly and will correctly verify if I perform:

    PK11_Verify(pubk, &signature, &hash, NULL);   /* pubk is the certificate's public key (SECKEYPublicKey *) */

My issue arises after I've transmitted the signature and SPKI to the server. The signature is never successfully verified. I'm using PyCrypto server-side. I've tried verifying the signature as an RSASSA-PSS signature and also as an RSA PKCS#1 v1.5 signature and both fail. This leads me to believe that the signature generated by PK11_Sign() is a "textbook-RSA" signature. I tried using my RSA key to perform RSASSA-PSS:

    SGN_Digest(privk, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, &signature, &hash);

but this throws error 8152, namely that the key does not support the signature scheme.

Does anyone definitively know if PK11_Sign actually computes textbook-RSA signatures? And does anyone know a way that I could generate PKCS#1 v1.5 signatures using NSS, or potentially use it to generate an RSASSA-PSS key? I looked into using OpenSSL but it doesn't look like that type of key is supported.

Thank you for any help that you can give me.

--
David Widen
BS, MSE in Computer Science 2013

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
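As an added example (not part of the post, NSS or PyCrypto), the Python below signs the SHA1(s-nonce || c-nonce) digest in the three encodings a server might be receiving and classifies a signature by recovering s^e mod n: textbook RSA, PKCS#1 v1.5 type-1 padding over the bare hash (what the CKM_RSA_PKCS mechanism behind PK11_Sign produces, since the DigestInfo is left to the caller), and full PKCS#1 v1.5 with the SHA-1 DigestInfo (what PyCrypto's PKCS1_v1_5 verifier expects). The key is constructed from two Mersenne primes only so the example runs offline; the nonces are constructed sample values.

```python
import hashlib

# Constructed demo RSA key from two known Mersenne primes: fine for showing
# padding formats, useless as a real key (public factors, no randomness).
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (81)

# DER-encoded DigestInfo prefix for SHA-1 (RFC 3447, section 9.2, note 1)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def rsa_private_op(block):
    """Textbook RSA private operation, the final step of every RSA signature scheme."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def pkcs1_type1_pad(payload):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || payload (RFC 3447, section 9.2)."""
    return b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload

def classify_signature(sig, digest):
    """Recover m = s^e mod n and name the encoding the signer applied to the digest."""
    m = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    if m == digest.rjust(K, b"\x00"):
        return "textbook-rsa"             # s = digest^d mod n, no padding at all
    sep = m.find(b"\x00", 2)              # end of the FF run; at least 8 FF bytes required
    if m[:2] != b"\x00\x01" or sep < 10 or m[2:sep] != b"\xff" * (sep - 2):
        return "unknown"                  # PSS, corrupted, or recovered with the wrong key
    payload = m[sep + 1:]
    if payload == SHA1_DIGESTINFO + digest:
        return "pkcs1-v1_5-sha1"          # what PyCrypto's PKCS1_v1_5 verifier accepts
    if payload == digest:
        return "pkcs1-v1_5-bare-hash"     # type-1 padding but no DigestInfo (CKM_RSA_PKCS)
    return "unknown"

def demo():
    """Sign SHA1(s-nonce || c-nonce) three ways and classify each result."""
    s_nonce, c_nonce = b"constructed-server-nonce", b"constructed-client-nonce"
    digest = hashlib.sha1(s_nonce + c_nonce).digest()
    signatures = {
        "textbook-rsa": rsa_private_op(digest.rjust(K, b"\x00")),
        "pkcs1-v1_5-bare-hash": rsa_private_op(pkcs1_type1_pad(digest)),
        "pkcs1-v1_5-sha1": rsa_private_op(pkcs1_type1_pad(SHA1_DIGESTINFO + digest)),
    }
    return {label: classify_signature(sig, digest) for label, sig in signatures.items()}

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:22s} -> {result}")
```

Running the classifier over a real signature with the (n, e) taken from the transmitted SPKI tells the server which of the three encodings it is actually receiving; the SGN_Digest path with SEC_OID_SHA1 is where NSS adds the DigestInfo itself.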