signing data
Dear all I'm quite the noob in all things OpenSSL, and I'm struggling getting started with signing a piece of data. Here a MWE that should illustrate the problem. It loads private.pem (a RSA private key I generated using `openssl genrsa -out private.pem 1024`) and then tries to sign a piece of data (here, it is a SHA1 hash, but that's irrelevant) and then outputs the signature using base64 coding. #include openssl/bio.h #include openssl/conf.h #include openssl/evp.h #include openssl/pem.h #include openssl/err.h int main() { // data to sign char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3; // init openssl OPENSSL_config(NULL); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); // load private key for signing EVP_PKEY* prv_key = NULL; BIO* bio = BIO_new_file(./private.pem, rt); prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL); BIO_free(bio); // sign data EVP_MD_CTX ctx; unsigned char* sign = malloc(EVP_PKEY_size(prv_key)); unsigned int s; EVP_MD_CTX_init(ctx); if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort(); if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort(); if (!EVP_SignFinal(ctx, sign, s, prv_key)) abort(); EVP_MD_CTX_cleanup(ctx); // create base64 encoded output of the signature BIO* b64 = BIO_new(BIO_f_base64()); BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE); bstdout = BIO_push(b64, bstdout); BIO_write(bstdout, sign, s); BIO_flush(bstdout); BIO_free_all(bstdout); // cleanup free(sign); ERR_remove_state(0); ERR_free_strings(); EVP_cleanup(); CONF_modules_free(); CRYPTO_cleanup_all_ex_data(); } Using this program I get the following output: enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB 1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA= However, when using the rsautl utility as follows, the result is different: $ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \ openssl rsautl -sign -inkey ./private.pem | \ openssl enc -base64 FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh 170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4= Am I missing something? AFAIK the default digest is SHA1, but I also tried playing around with others (MD5, SHA256) and EVP_PKEY_get_default_digest(), but still the result was different from the one obtained with rsautl. Any help would be greatly appreciated. Michael __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: signing data
On 7 June 2013 07:06, Michael Wild them...@users.sourceforge.net wrote: Dear all I'm quite the noob in all things OpenSSL, and I'm struggling getting started with signing a piece of data. The thing is that on the command line your data is subtly different than in your C program. Hash algorithms are ruthless in this regard and that's why they are so useful ;) See my comments inlined. Here a MWE that should illustrate the problem. It loads private.pem (a RSA private key I generated using `openssl genrsa -out private.pem 1024`) and then tries to sign a piece of data (here, it is a SHA1 hash, but that's irrelevant) and then outputs the signature using base64 coding. #include openssl/bio.h #include openssl/conf.h #include openssl/evp.h #include openssl/pem.h #include openssl/err.h int main() { // data to sign char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3; `data' includes terminating '\0' implicitly // init openssl OPENSSL_config(NULL); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); // load private key for signing EVP_PKEY* prv_key = NULL; BIO* bio = BIO_new_file(./private.pem, rt); prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL); BIO_free(bio); // sign data EVP_MD_CTX ctx; unsigned char* sign = malloc(EVP_PKEY_size(prv_key)); unsigned int s; EVP_MD_CTX_init(ctx); if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort(); if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort(); This should be either `sizeof(data) - 1' or `strlen(data)' HTH, Kris
Re: Entrpoy and OpenSSL
On 6/6/2013 4:57 AM, srikanth chakravarthula wrote: Hi I need help in openssl random seed genertion. We use the genrsa command to generate keys and certificates and we want to ensure the entropy of the random number being generated is having a high entropy. we need to know how does openssl while genrting the key using the command genrsa will generate the random number and of what bytes does it. How can we improve the entropy before generating the key, we use dev/urandom and its been said that there is an options like rand_add and rand_seed. On platforms with /dev/random and /dev/urandom, openssl by default seeds itself from one of those. On other platforms, the documentation is murky at best. rand_add() is what your own code would call if it had a different and better source of entropy which was for some reason not set up to just add its entropy to the /dev/urandom system pool automatically (most hardware entropy sources on the market do that). How do I call these API's using the shell script before generating the keys to ensure high entropy is achieved. Also how do I output the random seed generated to check for the entropy. Use the -rand option Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: signing data
The printf command appends a newline to the data so it's different from what your program has. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Entrpoy and OpenSSL
Hi Jakob, Thank you for your response. So If I understand, when genrsa or rand command is called, it uses the seeded random number from /dev/random or /dev/urandom and generates the key and then re-seeds the random bytes from the /dev/random or/dev/urandom. And it will use the configrued RANDFILE for this purpose. Is my understanding correct. So f I want to reseed the random seeds generated from /dev/random or /dev/urandom I need to use the RAND_add command checking for the entropy. this RAND_add command is from a C API as I could not find a command or script from openssl directly. Is it compiled as a C library?. or can we use any custom API etc.. to generate and add on to the one generated from /dev/random or /dev/urandom to have enough entropy. Appreciate your help on this. Thanks, Srikanth On Fri, Jun 7, 2013 at 3:38 PM, Jakob Bohm jb-open...@wisemo.com wrote: On 6/6/2013 4:57 AM, srikanth chakravarthula wrote: Hi I need help in openssl random seed genertion. We use the genrsa command to generate keys and certificates and we want to ensure the entropy of the random number being generated is having a high entropy. we need to know how does openssl while genrting the key using the command genrsa will generate the random number and of what bytes does it. How can we improve the entropy before generating the key, we use dev/urandom and its been said that there is an options like rand_add and rand_seed. On platforms with /dev/random and /dev/urandom, openssl by default seeds itself from one of those. On other platforms, the documentation is murky at best. rand_add() is what your own code would call if it had a different and better source of entropy which was for some reason not set up to just add its entropy to the /dev/urandom system pool automatically (most hardware entropy sources on the market do that). How do I call these API's using the shell script before generating the keys to ensure high entropy is achieved. Also how do I output the random seed generated to check for the entropy. Use the -rand option Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __**__**__ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- Regards, Srikanth
Re: signing data
On 7 June 2013 12:09, Salz, Rich rs...@akamai.com wrote: The printf command appends a newline to the data so it's different from what your program has. /r$ That's not true. It behaves pretty much like standard C printf(), i.e. it doesn't print any characters unless you ask it for them. You can check it by simply executing it on the command line on its own and see your next command prompt on the same line as the output of this particular printf command. Or if you're sceptical about it you can do the following: printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | hexdump -Cv No new line added. As I already suggested, it's an implicit NULL terminator in the C string literal in the C program. Cheers, Kris
Re: signing data
On Fri, Jun 07, 2013, Michael Wild wrote: Dear all I'm quite the noob in all things OpenSSL, and I'm struggling getting started with signing a piece of data. Here a MWE that should illustrate the problem. It loads private.pem (a RSA private key I generated using `openssl genrsa -out private.pem 1024`) and then tries to sign a piece of data (here, it is a SHA1 hash, but that's irrelevant) and then outputs the signature using base64 coding. #include openssl/bio.h #include openssl/conf.h #include openssl/evp.h #include openssl/pem.h #include openssl/err.h int main() { // data to sign char data[] = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3; // init openssl OPENSSL_config(NULL); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); // load private key for signing EVP_PKEY* prv_key = NULL; BIO* bio = BIO_new_file(./private.pem, rt); prv_key = PEM_read_bio_PrivateKey(bio, prv_key, NULL, NULL); BIO_free(bio); // sign data EVP_MD_CTX ctx; unsigned char* sign = malloc(EVP_PKEY_size(prv_key)); unsigned int s; EVP_MD_CTX_init(ctx); if (!EVP_SignInit_ex(ctx, EVP_sha1(), NULL)) abort(); if (!EVP_SignUpdate(ctx, data, sizeof(data))) abort(); if (!EVP_SignFinal(ctx, sign, s, prv_key)) abort(); EVP_MD_CTX_cleanup(ctx); // create base64 encoded output of the signature BIO* b64 = BIO_new(BIO_f_base64()); BIO* bstdout = BIO_new_fp(stdout, BIO_NOCLOSE); bstdout = BIO_push(b64, bstdout); BIO_write(bstdout, sign, s); BIO_flush(bstdout); BIO_free_all(bstdout); // cleanup free(sign); ERR_remove_state(0); ERR_free_strings(); EVP_cleanup(); CONF_modules_free(); CRYPTO_cleanup_all_ex_data(); } Using this program I get the following output: enUqkBwItEkyodfDSXk2FJ1YmGl1oX+jNg/N7dDFil0v4PtHCGMB1SqaMELGEfvL C+R7FVv2cDqU5Kglik5XWFyRukN5S97jWb3Ye9BbgWswlNNIdUtLZMl9FWOaqDnB 1UhZEhaav+yskidlqX261nYCpzBEWdFdGnVxNMLoafA= However, when using the rsautl utility as follows, the result is different: $ printf de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3 | \ openssl rsautl -sign -inkey ./private.pem | \ openssl enc -base64 FoP7JQNO7U5PgeChqArv4072avjK9/EOhZvhPpMtDtL5fWFb6+OzUSXdSBHDXDqG RCDOH3RU8EABzO4Tk66lUa9400KFGPw0fupSedlwIWlGgy/wtydEr2sV2rOW9aBh 170GYbbs6rjEsInWo2KXChkNXi4uib4I45ZaLNC5Ib4= Am I missing something? AFAIK the default digest is SHA1, but I also tried playing around with others (MD5, SHA256) and EVP_PKEY_get_default_digest(), but still the result was different from the one obtained with rsautl. Any help would be greatly appreciated. As well as the points other people have raised you're actually signing things in two different ways. Your program hashes and signs the data whereas your command line version just signs the raw data. If you want to hash and sign on the command line you need the dgst utility and its -sign option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: signing data
Ø No new line added. As I already suggested, it's an implicit NULL terminator in the C string literal in the C program. Of rats, of course you're right. The proper thing to do is sizeof ... -1 /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA
Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384
Hi, Could you help where do i need to change the method from TLSv1_2_server_method() to SSLv23_server_method() . Which files(s) need to be addresses? -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ssl_connect fails Windows Non-blocking
More info: Client SSL log: [SSL_connect:before/connect initialization] [SSL_connect:SSLv2/v3 write client hello A] [SSL_connect:Error en SSLv2/v3 read server hello A] [SSL_connect:SSLv3 read server hello A] [SSL_connect:SSLv3 read server certificate A] [SSL_connect:SSLv3 read server key exchange A] [SSL_connect:SSLv3 read server done A] [SSL_connect:SSLv3 write client key exchange A] [SSL_connect:SSLv3 write change cipher spec A] [SSL_connect:SSLv3 write finished A] [SSL_connect:SSLv3 flush data] [SSL_connect:Error en SSLv3 read finished A] [SSL_connect:Error en SSLv3 read finished A] ***ERROR: ssl_connect - error 5 - here it's the problem Server SSL log: [SSL_accept:before/accept initialization] [SSL_accept:SSLv3 read client hello A] [SSL_accept:SSLv3 write server hello A] [SSL_accept:SSLv3 write certificate A] [SSL_accept:SSLv3 write key exchange A] [SSL_accept:SSLv3 write server done A] [SSL_accept:SSLv3 flush data] [SSL_accept:Error en SSLv3 read client certificate A] Client SSL works with same certificate in another server, and Server SSL works with same certificate being attacked by another client. -- View this message in context: http://openssl.6102.n7.nabble.com/ssl-connect-fails-Windows-Non-blocking-tp45348p45463.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Safe to use SSL_peek?
Hi all, Is SSL_peek() safe to use? I don't see it advertised as such, via man-pages, but I do see the following in the 1.0.1c changelog: Fix SSL_peek: Both ssl2_peek and ssl3_peek, which were totally broken in earlier releases, have been re-implemented by renaming the previous implementations of ssl2_read and ssl3_read to ssl2_read_internal and ssl3_read_internal, respectively, and adding 'peek' parameters to them. The new ssl[23]_{read,peek} functions are calls to ssl[23]_read_internal with the 'peek' flag set appropriately. A 'peek' parameter has also been added to ssl3_read_bytes, which does the actual work for ssl3_read_internal. The reason I'd rather use SSL_peek() than SSL_read() is that I am reading off bytes from an SSL socket and then handing it off to another socket -- and if this latter socket operation fails, I don't want to be stuck with orphan bytes (read off the first SSL socket) that I'd then need to track myself. Thanks -- -Vivek