> From: owner-openssl-us...@openssl.org On Behalf Of kapetr
> Sent: Monday, 21 January, 2013 05:27

> I'm trying to manually verify the signature in some SignedData
> ASN.1 structures, which are used in most cases of signature -
> e.g. S/MIME, Timestamps, ... using x.509 certificates.
>
> Let's see this example:
>
> - in file.tsr is a Time Stamp reply - it contains a SignedData
> structure (at byte 9 offset) which contains SignerInfo which
> contains signedAttributes. They are signed with the private key
> of certificate cert.pem (it is the public part only).
>
> - let's get signedAttrs (that is what is signed) and the
> signature itself
> openssl asn1parse -inform der -in file.tsr -strparse 410 -out signedAttrs
> dd if=file.tsr of=sig bs=1 skip=697
>
> In http://www.ietf.org/rfc/rfc2630.txt section 5.4 (site 11)
> says that the IMPLICIT [0] must be changed to SET -> I
> have changed the first byte of signedAttrs to 31h - if you
> parse it with asn1parse, it seems to be correct then.
>
> The corrected version is in file signedAttrs-with-SET
>

Right so far.

> - now it remains to get the digests:
> openssl dgst -sha256 -binary -out signedAttrs.sha256 signedAttrs
> openssl dgst -sha256 -binary -out signedAttrs-with-SET.sha256 signedAttrs-with-SET
>
> - and we can try to verify:
> openssl pkeyutl -verify -in signedAttrs.sha256 -sigfile sig -certin -inkey cert.pem
> openssl pkeyutl -verify -in signedAttrs-with-SET.sha256 -sigfile sig -certin -inkey cert.pem
>
> but both fail: "Signature Verification Failure"
>

The RSA-signed value is not just the hash, but a small structure
encoding it, and pkeyutl needs to be told that. Add (at the end)
-pkeyopt digest:sha256 .

Since you're using RSA, you can see this by (instead) doing
pkeyutl -verifyrecover -in sig -certin&inkey -hexdump .
You'll see a SEQUENCE of AlgID, which is OID=sha256,NULL, and
OCTET STRING, which is the actual hash value.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
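
Added example, not part of the original thread and not OpenSSL code: a pure-Python walk through the steps discussed above (re-tagging signedAttrs from [0] to SET, hashing, and wrapping the hash in the DigestInfo structure that is actually RSA-signed), showing why a comparison against the bare SHA-256 value fails. The toy key, the abbreviated `SAMPLE_ATTRS` bytes and all function names are assumptions constructed for this illustration.

```python
import hashlib

# DER header of a SHA-256 DigestInfo (RFC 8017, section 9.2):
# SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING (32 bytes) }
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Toy RSA key built from two Mersenne primes, constructed for this example.
# It is not secure; it only makes the arithmetic reproducible offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# Constructed, abbreviated signedAttrs: [0] { contentType = id-ct-TSTInfo }
SAMPLE_ATTRS = bytes.fromhex(
    "a01c301a06092a864886f70d010903310d060b2a864886f70d0109100104")

def retag_as_set(signed_attrs):
    """Replace the IMPLICIT [0] tag (0xA0) with SET OF (0x31) before hashing."""
    if signed_attrs[:1] != b"\xa0":
        raise ValueError("expected context tag [0] (0xA0)")
    return b"\x31" + signed_attrs[1:]

def digest_info(data):
    """The structure that is RSA-signed: AlgorithmIdentifier plus the hash."""
    return SHA256_PREFIX + hashlib.sha256(data).digest()

def sign(signed_attrs):
    """PKCS#1 v1.5: pad DigestInfo as 00 01 FF..FF 00 || T, then apply d."""
    t = digest_info(retag_as_set(signed_attrs))
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def verify_recover(sig):
    """Public-key operation plus unpadding, like pkeyutl -verifyrecover."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    pad, sep, payload = em[2:].partition(b"\x00")
    if em[:2] != b"\x00\x01" or not sep or len(pad) < 8 or pad.strip(b"\xff"):
        raise ValueError("bad PKCS#1 v1.5 padding")
    return payload

def verify(signed_attrs, sig, wrap=True):
    """wrap=False compares against the bare hash, which cannot match."""
    data = retag_as_set(signed_attrs)
    expected = digest_info(data) if wrap else hashlib.sha256(data).digest()
    try:
        return verify_recover(sig) == expected
    except ValueError:
        return False
```

The recovered payload is 51 bytes (19-byte DER header plus the 32-byte hash), which is why a 32-byte digest file alone never matches it.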