signing data
Dear all
I'm quite the noob in all things OpenSSL, and I'm struggling getting
started with signing a piece of data.
Here a MWE that should illustrate the problem. It loads private.pem (a
RSA private key I generated using `openssl genrsa -out private.pem
1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
but that's irrelevant) and then outputs the signature using base64 coding.
#include openssl/bio.h
#include openssl/conf.h
#include openssl/evp.h
#include openssl/pem.h
#include openssl/err.h
int main()
{
// data to sign
char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3;
// init openssl
OPENSSL_config(NULL);
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
// load private key for signing
EVP_PKEY* prv_key = NULL;
BIO* bio = BIO_new_file(./private.pem, rt);
prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL);
BIO_free(bio);
// sign data
EVP_MD_CTX ctx;
unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
unsigned int s;
EVP_MD_CTX_init(ctx);
if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort();
if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort();
if (!EVP_SignFinal(ctx, sign, s, prv_key)) abort();
EVP_MD_CTX_cleanup(ctx);
// create base64 encoded output of the signature
BIO* b64 = BIO_new(BIO_f_base64());
BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
bstdout = BIO_push(b64, bstdout);
BIO_write(bstdout, sign, s);
BIO_flush(bstdout);
BIO_free_all(bstdout);
// cleanup
free(sign);
ERR_remove_state(0);
ERR_free_strings();
EVP_cleanup();
CONF_modules_free();
CRYPTO_cleanup_all_ex_data();
}
Using this program I get the following output:
enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL
C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB
1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA=
However, when using the rsautl utility as follows, the result is different:
$ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \
openssl rsautl -sign -inkey ./private.pem | \
openssl enc -base64
FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG
RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh
170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4=
Am I missing something? AFAIK the default digest is SHA1, but I also
tried playing around with others (MD5, SHA256) and
EVP_PKEY_get_default_digest(), but still the result was different from
the one obtained with rsautl.
Any help would be greatly appreciated.
Michael
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: signing data
On 7 June 2013 07:06, Michael Wild them...@users.sourceforge.net wrote:
Dear all
I'm quite the noob in all things OpenSSL, and I'm struggling getting
started with signing a piece of data.
The thing is that on the command line your data is subtly different than in
your C program. Hash algorithms are ruthless in this regard and that's why
they are so useful ;) See my comments inlined.
Here a MWE that should illustrate the problem. It loads private.pem (a
RSA private key I generated using `openssl genrsa -out private.pem
1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
but that's irrelevant) and then outputs the signature using base64 coding.
#include openssl/bio.h
#include openssl/conf.h
#include openssl/evp.h
#include openssl/pem.h
#include openssl/err.h
int main()
{
// data to sign
char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3;
`data' includes terminating '\0' implicitly
// init openssl
OPENSSL_config(NULL);
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
// load private key for signing
EVP_PKEY* prv_key = NULL;
BIO* bio = BIO_new_file(./private.pem, rt);
prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL);
BIO_free(bio);
// sign data
EVP_MD_CTX ctx;
unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
unsigned int s;
EVP_MD_CTX_init(ctx);
if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort();
if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort();
This should be either `sizeof(data) - 1' or `strlen(data)'
HTH,
Kris
Re: Entrpoy and OpenSSL
On 6/6/2013 4:57 AM, srikanth chakravarthula wrote: Hi I need help in openssl random seed genertion. We use the genrsa command to generate keys and certificates and we want to ensure the entropy of the random number being generated is having a high entropy. we need to know how does openssl while genrting the key using the command genrsa will generate the random number and of what bytes does it. How can we improve the entropy before generating the key, we use dev/urandom and its been said that there is an options like rand_add and rand_seed. On platforms with /dev/random and /dev/urandom, openssl by default seeds itself from one of those. On other platforms, the documentation is murky at best. rand_add() is what your own code would call if it had a different and better source of entropy which was for some reason not set up to just add its entropy to the /dev/urandom system pool automatically (most hardware entropy sources on the market do that). How do I call these API's using the shell script before generating the keys to ensure high entropy is achieved. Also how do I output the random seed generated to check for the entropy. Use the -rand option Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: signing data
The printf command appends a newline to the data so it's different from what your program has. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Entrpoy and OpenSSL
Hi Jakob, Thank you for your response. So If I understand, when genrsa or rand command is called, it uses the seeded random number from /dev/random or /dev/urandom and generates the key and then re-seeds the random bytes from the /dev/random or/dev/urandom. And it will use the configrued RANDFILE for this purpose. Is my understanding correct. So f I want to reseed the random seeds generated from /dev/random or /dev/urandom I need to use the RAND_add command checking for the entropy. this RAND_add command is from a C API as I could not find a command or script from openssl directly. Is it compiled as a C library?. or can we use any custom API etc.. to generate and add on to the one generated from /dev/random or /dev/urandom to have enough entropy. Appreciate your help on this. Thanks, Srikanth On Fri, Jun 7, 2013 at 3:38 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 6/6/2013 4:57 AM, srikanth chakravarthula wrote: Hi I need help in openssl random seed genertion. We use the genrsa command to generate keys and certificates and we want to ensure the entropy of the random number being generated is having a high entropy. we need to know how does openssl while genrting the key using the command genrsa will generate the random number and of what bytes does it. How can we improve the entropy before generating the key, we use dev/urandom and its been said that there is an options like rand_add and rand_seed. On platforms with /dev/random and /dev/urandom, openssl by default seeds itself from one of those. On other platforms, the documentation is murky at best. rand_add() is what your own code would call if it had a different and better source of entropy which was for some reason not set up to just add its entropy to the /dev/urandom system pool automatically (most hardware entropy sources on the market do that). How do I call these API's using the shell script before generating the keys to ensure high entropy is achieved. Also how do I output the random seed generated to check for the entropy. Use the -rand option Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __**__**__ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Regards, Srikanth
Re: signing data
On 7 June 2013 12:09, Salz, Rich rs...@akamai.com wrote: The printf command appends a newline to the data so it's different from what your program has. /r$ That's not true. It behaves pretty much like standard C printf(), i.e. it doesn't print any characters unless you ask it for them. You can check it by simply executing it on the command line on its own and see your next command prompt on the same line as the output of this particular printf command. Or if you're sceptical about it you can do the following: printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | hexdump -Cv No new line added. As I already suggested, it's an implicit NULL terminator in the C string literal in the C program. Cheers, Kris
Re: signing data
On Fri, Jun 07, 2013, Michael Wild wrote:
Dear all
I'm quite the noob in all things OpenSSL, and I'm struggling getting
started with signing a piece of data.
Here a MWE that should illustrate the problem. It loads private.pem (a
RSA private key I generated using `openssl genrsa -out private.pem
1024`) and then tries to sign a piece of data (here, it is a SHA1 hash,
but that's irrelevant) and then outputs the signature using base64 coding.
#include openssl/bio.h
#include openssl/conf.h
#include openssl/evp.h
#include openssl/pem.h
#include openssl/err.h
int main()
{
// data to sign
char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3;
// init openssl
OPENSSL_config(NULL);
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
// load private key for signing
EVP_PKEY* prv_key = NULL;
BIO* bio = BIO_new_file(./private.pem, rt);
prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL);
BIO_free(bio);
// sign data
EVP_MD_CTX ctx;
unsigned char* sign = malloc(EVP_PKEY_size(prv_key));
unsigned int s;
EVP_MD_CTX_init(ctx);
if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort();
if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort();
if (!EVP_SignFinal(ctx, sign, s, prv_key)) abort();
EVP_MD_CTX_cleanup(ctx);
// create base64 encoded output of the signature
BIO* b64 = BIO_new(BIO_f_base64());
BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE);
bstdout = BIO_push(b64, bstdout);
BIO_write(bstdout, sign, s);
BIO_flush(bstdout);
BIO_free_all(bstdout);
// cleanup
free(sign);
ERR_remove_state(0);
ERR_free_strings();
EVP_cleanup();
CONF_modules_free();
CRYPTO_cleanup_all_ex_data();
}
Using this program I get the following output:
enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL
C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB
1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA=
However, when using the rsautl utility as follows, the result is different:
$ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \
openssl rsautl -sign -inkey ./private.pem | \
openssl enc -base64
FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG
RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh
170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4=
Am I missing something? AFAIK the default digest is SHA1, but I also
tried playing around with others (MD5, SHA256) and
EVP_PKEY_get_default_digest(), but still the result was different from
the one obtained with rsautl.
Any help would be greatly appreciated.
As well as the points other people have raised you're actually signing things
in two different ways. Your program hashes and signs the data whereas your
command line version just signs the raw data.
If you want to hash and sign on the command line you need the dgst utility
and its -sign option.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: signing data
Ø No new line added. As I already suggested, it's an implicit NULL terminator in the C string literal in the C program. Of rats, of course you're right. The proper thing to do is sizeof ... -1 /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA
Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384
Hi, Could you help where do i need to change the method from TLSv1_2_server_method() to SSLv23_server_method() . Which files(s) need to be addresses? -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ssl_connect fails Windows Non-blocking
More info: Client SSL log: [SSL_connect:before/connect initialization] [SSL_connect:SSLv2/v3 write client hello A] [SSL_connect:Error en SSLv2/v3 read server hello A] [SSL_connect:SSLv3 read server hello A] [SSL_connect:SSLv3 read server certificate A] [SSL_connect:SSLv3 read server key exchange A] [SSL_connect:SSLv3 read server done A] [SSL_connect:SSLv3 write client key exchange A] [SSL_connect:SSLv3 write change cipher spec A] [SSL_connect:SSLv3 write finished A] [SSL_connect:SSLv3 flush data] [SSL_connect:Error en SSLv3 read finished A] [SSL_connect:Error en SSLv3 read finished A] ***ERROR: ssl_connect - error 5 - here it's the problem Server SSL log: [SSL_accept:before/accept initialization] [SSL_accept:SSLv3 read client hello A] [SSL_accept:SSLv3 write server hello A] [SSL_accept:SSLv3 write certificate A] [SSL_accept:SSLv3 write key exchange A] [SSL_accept:SSLv3 write server done A] [SSL_accept:SSLv3 flush data] [SSL_accept:Error en SSLv3 read client certificate A] Client SSL works with same certificate in another server, and Server SSL works with same certificate being attacked by another client. -- View this message in context: http://openssl.6102.n7.nabble.com/ssl-connect-fails-Windows-Non-blocking-tp45348p45463.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Safe to use SSL_peek?
Hi all,
Is SSL_peek() safe to use? I don't see it advertised as such, via
man-pages, but I do see the following in the 1.0.1c changelog:
Fix SSL_peek:
Both ssl2_peek and ssl3_peek, which were totally broken in earlier
releases, have been re-implemented by renaming the previous
implementations of ssl2_read and ssl3_read to ssl2_read_internal
and ssl3_read_internal, respectively, and adding 'peek' parameters
to them. The new ssl[23]_{read,peek} functions are calls to
ssl[23]_read_internal with the 'peek' flag set appropriately.
A 'peek' parameter has also been added to ssl3_read_bytes, which
does the actual work for ssl3_read_internal.
The reason I'd rather use SSL_peek() than SSL_read() is that I am reading
off bytes from an SSL socket and then handing it off to another socket --
and if this latter socket operation fails, I don't want to be stuck with
orphan bytes (read off the first SSL socket) that I'd then need to track
myself.
Thanks
--
-Vivek
