Hello,

I'm trying to verify an x509 certificate with a custom library (other than
openssl).
The reason I'm writing to this mailing list is that I can't figure out what
is going wrong.
The library is checked and nothing is wrong so I must be missing something.

The program I'm writing has to be compatible with NTP,
which uses openssl to create its certificates and uses NIDs for algorithm
identification.

The certificate is created on a server by openssl with RSA/SHA1, or some
other algorithm.
The modulus is 1024 bit and the e-bits are 3.
The algorithm used to create the signature, is that RSA/SHA1 with PKCS1
v1.5?

The OID I'm getting is: 1.2.840.113549.1.1.5
The NID given, according to NTP, is 65.

The functions called to create this certificate, used by ntp-keygen, are
these:
- Create RSA key-pair
   - RSA_generate_key(1024, 3, cb, "RSA");
       - So the modulus is 1024 bits, the exponent is 3, cb is some
         callback function, and "RSA" is what?
   - RSA_check_key(rsa)
       - This checks the rsa key generated for validity, right?

- Create certificate
    - The certificate is filled with all the necessary info
    - The public key is set: X509_set_pubkey(cert, pkey)
         - cert is the internal openssl certificate format.
         - pkey is the key pair in the openssl internal format.
    - The CA is set to TRUE, along with some other extensions for key
      constraints etc.
    - The certificate is signed: X509_sign(cert, pkey, md)
        - md is the message digest algorithm to use, which is the NID of
          RSA/SHA1 (65 correct?)
    - The certificate is verified using: X509_verify(cert, pkey)


Then the certificate is transmitted from this server in DER format
(converted from the internal openssl format to DER with the i2d routine in
openssl).

This DER format is what I'm getting. The certificate is read correctly.
The only thing I can't figure out is how this certificate's signature
should be verified.

The certificate being verified is self-signed and created in the above
manner.
So the issuer and subject are the same and the extension CA is TRUE.
Also, there is an extension called trustRoot.

So the main questions are these:
- How should the RSA key format be interpreted?
   - The modulus is easy
   - Is the exponent transmitted the e-bits portion of the RSA format?
       - If so, how does this translate to the exponent portion?
         If the e-bits are 3, does this mean the exponent is
         (2^(e-bits -1)) + 1?
         So, in the example: 2^2 + 1 = 5?
       - If not, then what?

- How do I verify the signature?
   - Is the algorithm to verify with RSA/SHA1 with PKCS1 v1.5?
   - Is the signature wrapped in any way and with which scheme if so?
   - Do I use the DER data up to and excluding the signature portion?
   - If any data of the DER format needs to be excluded from the hash,
     which data?

Any help would be great and much appreciated.

Thanks,
Dereck
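
Added example, not part of the original message and not NTP or OpenSSL code: for OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) the signature is RSASSA-PKCS1-v1_5 with SHA-1, computed over the exact DER bytes of tbsCertificate, and the public exponent is the INTEGER value itself (3 here). The demo key, the stand-in tbsCertificate contents and all function names are constructed for illustration; a real verifier would take n and e from the certificate's subjectPublicKeyInfo.

```python
import hashlib
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header, SHA-1
OID_SHA1_RSA = bytes.fromhex("2a864886f70d010105")             # 1.2.840.113549.1.1.5

def read_tlv(buf, off):
    """Return (tag, value_start, end) of the DER element at offset off."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        cnt = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + cnt], "big"), pos + cnt
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def emsa_pkcs1_v15(msg, k):
    """PKCS#1 v1.5 signature block for SHA-1(msg): 00 01 FF..FF 00 DigestInfo."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_cert_signature(cert, n, e):
    """Verify signatureValue over the exact DER bytes of tbsCertificate."""
    _, body, end = read_tlv(cert, 0)             # Certificate ::= SEQUENCE
    _, _, tbs_end = read_tlv(cert, body)         # tbsCertificate
    tbs = cert[body:tbs_end]                     # hashed with its own tag and length
    _, alg, alg_end = read_tlv(cert, tbs_end)    # signatureAlgorithm
    _, oid, oid_end = read_tlv(cert, alg)
    tag, sig, sig_end = read_tlv(cert, alg_end)  # signatureValue (BIT STRING)
    k = (n.bit_length() + 7) // 8
    ok = (cert[oid:oid_end] == OID_SHA1_RSA and tag == 0x03 and sig_end == end
          and sig_end - sig == k + 1 and cert[sig] == 0)
    s = int.from_bytes(cert[sig + 1:sig_end], "big")  # skip the unused-bits octet
    # Rebuild the expected block and compare it whole; do not parse the padding.
    return ok and s < n and pow(s, e, n).to_bytes(k, "big") == emsa_pkcs1_v15(tbs, k)

# Constructed demo key (not secure): two published primes, public exponent 3.
P, Q = 2**448 - 2**224 - 1, 2**384 - 2**128 - 2**96 + 2**32 - 1
N, E, D = P * Q, 3, pow(3, -1, (P - 1) * (Q - 1))

def der(tag, body):  # minimal DER encoder, only for building the sample
    ln = len(body)
    cnt = (ln.bit_length() + 7) // 8
    head = bytes([ln]) if ln < 0x80 else bytes([0x80 | cnt]) + ln.to_bytes(cnt, "big")
    return bytes([tag]) + head + body

def make_demo_cert(tbs_fields):  # sample with the Certificate outer layout
    tbs, k = der(0x30, tbs_fields), (N.bit_length() + 7) // 8
    s = pow(int.from_bytes(emsa_pkcs1_v15(tbs, k), "big"), D, N)
    alg = der(0x30, der(0x06, OID_SHA1_RSA) + der(0x05, b""))
    return der(0x30, tbs + alg + der(0x03, b"\x00" + s.to_bytes(k, "big")))
```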
