How can I be sure that the signature is actually wrong? Our smart card provider
is going to ignore my email if I say that their card is not signing correctly
with the private key.
What if the message digest is wrong? However everything works fine for 128 byte
modulus.
--- On Thu, 16/12/10, Kannan J <kannan_jayapraka...@yahoo.co.in> wrote:
From: Kannan J <kannan_jayapraka...@yahoo.co.in>
Subject: Re: Verify CSR fails for 256 byte modulus, what am I doing wrong?
To: openssl-users@openssl.org
Date: Thursday, 16 December, 2010, 8:34 PM
This is the error message I get when I use openssl to verify my generated CSR:
D:\deleteme>openssl req -noout -text -verify -in server.csr >verify.out
verify failure
4368:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is
no
t 01:.\crypto\rsa\rsa_pk1.c:100:
4368:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:.\c
rypto\rsa\rsa_eay.c:699:
4368:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:.\crypto\asn
1\a_verify.c:184:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: O=arcot, CN=ob2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:95:e1:ab:bf:fc:a1:aa:b6:ce:ae:f0:5e:c5:34:
a8:7a:8f:bf:33:15:61:9f:dd:f2:c8:3d:20:fc:ba:
7f:bb:06:c0:77:43:9d:82:dc:62:bb:38:33:09:68:
46:72:ec:19:ce:db:59:4e:aa:5f:23:47:c1:fe:3b:
ef:52:ca:c9:ca:76:01:8d:5b:f2:d5:56:97:96:e7:
49:3b:02:b2:9a:74:34:db:ea:18:72:5c:bf:70:c8:
81:4f:d9:95:28:70:6f:93:6e:b9:17:7a:f2:1e:67:
36:e4:b3:0a:21:56:af:f3:9b:77:b4:cc:f9:69:6a:
56:4d:69:77:ca:2d:bc:a8:88:1c:dd:e0:33:69:ea:
41:f0:4d:c3:7f:79:f5:ae:1d:98:90:f4:59:60:53:
15:8e:35:fd:4c:ce:5c:00:ea:55:ea:e8:18:2d:3d:
e0:81:af:47:3a:8a:8e:dd:21:1b:1b:f0:20:68:91:
ce:67:46:23:17:7b:ce:de:d3:96:98:91:5b:08:b7:
7c:c4:75:41:33:01:da:f9:70:58:b6:20:b3:e8:66:
16:7c:67:67:26:97:02:8b:86:4b:1b:5c:11:f1:95:
14:3a:52:41:e0:22:cb:47:97:c9:18:b2:4e:fd:ef:
f8:d4:57:6a:78:9e:bc:78:a4:0a:1d:25:ff:2e:df:
6c:e1
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
1e:69:17:3e:01:5c:25:3e:db:88:1d:70:06:e0:08:e7:2b:85:
45:bd:de:ea:33:f3:99:55:40:9a:66:06:80:6c:6a:e8:45:77:
14:66:36:98:62:ce:26:a0:56:ab:7d:ed:46:35:5c:64:54:b0:
7f:b8:9b:37:33:3e:f7:fd:35:55:b0:97:88:c3:2b:a3:a1:d8:
36:7a:2f:9d:74:6f:b4:01:17:d0:9d:5a:60:d2:cc:90:38:3a:
9b:9e:e0:80:0b:99:57:51:80:e4:62:d0:a0:03:2d:fa:0f:dd:
3a:3b:74:4e:77:a4:8f:43:71:8b:7e:2c:9d:35:7b:76:e0:72:
ec:22:3d:69:6e:47:f0:47:6b:8d:58:22:dd:7a:33:a4:9d:33:
b1:b8:d6:5d:f7:fc:24:f0:ad:5a:d5:2b:7c:3f:a2:c1:1e:31:
22:57:cb:95:22:1b:9d:35:f2:eb:72:a5:a6:79:04:4b:58:41:
2d:15:74:1f:ce:10:0c:27:8e:97:66:01:c9:e0:de:e7:75:55:
59:0a:0b:1d:22:f5:ee:23:2d:3c:15:f5:3c:e1:95:d1:2f:c1:
76:5a:46:99:97:02:e1:15:02:61:20:ae:cc:b9:c8:45:f9:09:
1e:be:ca:83:ab:bf:ed:6d:b0:b0:70:04:01:92:cf:af:90:60:
a9:3e:27:ce
Any ideas what the error message means?
Thanks,
Kannan
--- On Thu, 16/12/10, Kannan J <kannan_jayapraka...@yahoo.co.in> wrote:
From: Kannan J <kannan_jayapraka...@yahoo.co.in>
Subject: Verify CSR fails for 256 byte modulus, what am I doing wrong?
To: openssl-users@openssl.org
Date: Thursday, 16 December, 2010, 12:23 PM
I use the smart card to generate the private-public key pair on the card, get
the public key modulus from the card, generate a CSR for a user, compute the
MD5 Hash using SHA1, give this hash to the card for signing the hash with the
private key, append this signature to the CSR, and verify this CSR using
org.bouncycastle.jce.PKCS10CertificationRequest.
Below is my program which has the code for CSR generation and verification. I
have hardcoded the public modulus (String modulusStr) and the corresponding
signature (
String signedCSR) received from the card for the CSR generated using the
public key modulus. The values used are for 256 modulus, and the verification
fails.
You also see a commented set of values for the same variables, for 128 byte
modulus. Verification succeeds for 128 byte modulus. Can someone explain why
this is happening?
thanks,
Kannan
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import sun.security.pkcs.PKCS10Attributes;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
public class GenerateCSR {
private static SubjectPublicKeyInfo getPublicKeyInfo(Key publicKey) throws
IOException {
ByteArrayInputStream bIn = new ByteArrayInputStream(publicKey.getEncoded());
ASN1InputStream dIn = new ASN1InputStream(bIn);
return new SubjectPublicKeyInfo((ASN1Sequence) dIn.readObject());
}
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
//128 byte modulus
// String modulusStr =
"AB198AC3A10AF5A7B7546F719D5FEB67797BC5A03CD0AFEAF2A8F370719F6E992BB7FBAF6F55E7D44610B6CBC962172A9AFF36859426E9B17A5BDD3A87A7583E153A6F6838ED4BC0BB268F2A5A51388A42B02417C17BBFF2D95C20C8C208A13FA043B46A4762C9927692232B405857570418D98AE7EB442D4697D3A9CA53BE81";
//256 byte modulus
String modulusStr =
"95E1ABBFFCA1AAB6CEAEF05EC534A87A8FBF3315619FDDF2C83D20FCBA7FBB06C077439D82DC62BB383309684672EC19CEDB594EAA5F2347C1FE3BEF52CAC9CA76018D5BF2D5569796E7493B02B29A7434DBEA18725CBF70C8814FD99528706F936EB9177AF21E6736E4B30A2156AFF39B77B4CCF9696A564D6977CA2DBCA8881CDDE03369EA41F04DC37F79F5AE1D9890F4596053158E35FD4CCE5C00EA55EAE8182D3DE081AF473A8A8EDD211B1BF0206891CE674623177BCEDED39698915B08B77CC475413301DAF97058B620B3E866167C67672697028B864B1B5C11F195143A5241E022CB4797C918B24EFDEFF8D4576A789EBC78A40A1D25FF2EDF6CE1";
byte[] modulus = HexString.hexToBuffer(modulusStr);
String sigAlg = "SHA1WithRSA";
String userDN = "cn=ob2,o=arcot";
RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(new
BigInteger(1,modulus), new BigInteger("65537"));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
SubjectPublicKeyInfo ski = getPublicKeyInfo(publicKey);
ASN1EncodableVector v = new ASN1EncodableVector();
CertificationRequestInfo reqInfo = new CertificationRequestInfo(new
X509Name(userDN), ski, new DERSet(v));
// Build an instance of pkcs10 with the public key from the card.
sun.security.pkcs.PKCS10 pkcs10 = new sun.security.pkcs.PKCS10(publicKey);
DerOutputStream out, scratch;
byte [] certificateRequestInfo;
Signature signature = null;
// signature is not initialized because CSR is not going to be signed here; if
not on the card.
signature = Signature.getInstance(sigAlg);
// Build the info.
X500Principal x500 = new X500Principal(userDN);
X500Name x500name = new X500Name(x500.getEncoded());
X500Signer requester = new X500Signer(signature, x500name);
X500Name subject = requester.getSigner();
// Encode CSR info, wrap in a sequence for being signed.
scratch = new DerOutputStream();
// PKCS #10 v1.0.
scratch.putInteger(BigInteger.ZERO);
// X.500 name.
subject.encode(scratch);
// Public key.
Key subjectPublicKeyInfo = pkcs10.getSubjectPublicKeyInfo();
scratch.write(subjectPublicKeyInfo.getEncoded());
PKCS10Attributes attributeSet = new PKCS10Attributes();
attributeSet.encode(scratch);
out = new DerOutputStream();
// Wrap it.
out.write(DerValue.tag_Sequence, scratch);
certificateRequestInfo = out.toByteArray();
scratch = out;
requester.getAlgorithmId().encode(scratch);
//CSR hash signed with the private key of the smart card.
//for 128 byte modulus
// String signedCSR =
"9333B5D6841A62D208B9715DD1464B695FAE533244D554012B4CABD47339C86666D0876544F7B297D1531DDDB2BA030918A2F42672DC7C934267AD98C4BF17BCB7C7FCF8D75B600452E6F2775525F761C6612410632D5F598F009E9A6E0A6EEF7947172A367780869500861193D2D7216DE22C1E6EA7D85E1C237982E07A2A50";
//for 256 byte modulus
String signedCSR =
"1E69173E015C253EDB881D7006E008E72B8545BDDEEA33F39955409A6606806C6AE845771466369862CE26A056AB7DED46355C6454B07FB89B37333EF7FD3555B09788C32BA3A1D8367A2F9D746FB40117D09D5A60D2CC90383A9B9EE0800B99575180E462D0A0032DFA0FDD3A3B744E77A48F43718B7E2C9D357B76E072EC223D696E47F0476B8D5822DD7A33A49D33B1B8D65DF7FC24F0AD5AD52B7C3FA2C11E312257CB95221B9D35F2EB72A5A679044B58412D15741FCE100C278E976601C9E0DEE77555590A0B1D22F5EE232D3C15F53CE195D12FC1765A46999702E115026120AECCB9C845F9091EBECA83ABBFED6DB0B070040192CFAF9060A93E27CE";
scratch.putBitString(HexString.hexToBuffer(signedCSR));
out = new DerOutputStream();
out.write(DerValue.tag_Sequence, scratch);
String b64CSR = new String( Base64.encode(out.toByteArray()));
System.out.println("\nCSR to be submitted to CA:\n" + b64CSR);
Security.addProvider(new BouncyCastleProvider());
PKCS10CertificationRequest p10req = new
PKCS10CertificationRequest(out.toByteArray());
boolean verified = p10req.verify();
if(!verified)
System.out.println("\nVerify failed");
else
System.out.println("\nVerify succeeded");
}
}
