RE: Data and Signature (envelope)
From: owner-openssl-us...@openssl.org On Behalf Of redpath Sent: Thursday, 25 April, 2013 09:40 To: openssl-users@openssl.org Subject: Re: Data and Signature (envelope) I looked at the latest smsign.c shown below modified with a large data item. The result is still a detached and quite small like a signature. The flag changed and yet nothing different. It should be quite large. snip Your code works for me, with one change to use my data file, on (home) Vista with ShiningLight 1.0.0e and mingw gcc. Are you by any chance also working on Windows? Remember that on Windows C implementations (except maybe cygwin, I'm not sure) open mode r means a text file, which is truncated at any 0x1A (^Z) byte. PDF's are usually compressed and compressed data is practically certain to contain 0x1A bytes here and there. To handle compressed or other binary data use rb. If you want to see what is actually in your generated object take the body part (i.e. skip the S/MIME headers) and feed it as input to commandline asn1parse. If your contained data is compressed it will display as unreadable gibberish, but you can see something is there and get some idea how big it is. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
I thought the PKCS7 was the way to go thanks. Yes the command line is confusing as to what the PKCS7 can provide and thats what was a paradox to me. Any pointers to PKCS7 example code inserting objects and extracted them would be appreciated and I do use the men_bio nicely. -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44898.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
I took the sign.c example and modified it slightly to use artifacts I have, but it seems the result just produces a PKCS7 that has a signature? I want to have the data (PDF or JPG) in there as I need to use it after validating that it is trusted. Basically I have a piece of data and a signature and want to envelope it in something for best practices. Otherwise I simply send the data and the signature and validate trust and use the data. I have to get the data out of the PKCS7 and use it just having a signature is not very useful for m. Is there something I am missing? The code I modified is shown below which is basically sign.c, get my private key and a x509 sign the data but hey I need the data int there too to extract later. //cc -o sign -Wno-deprecated-declarations sign.c -lcrypto #include stdio.h #include string.h #include openssl/bio.h #include openssl/x509.h #include openssl/pem.h #include openssl/err.h int main(argc,argv) int argc; char *argv[]; { X509 *x509; EVP_PKEY *pkey; PKCS7 *p7; PKCS7_SIGNER_INFO *si; BIO *in; BIO *data,*p7bio; char buf[1024*4]; int i; int nodetach=0; #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); #endif #ifndef OPENSSL_NO_SHA1 EVP_add_digest(EVP_sha1()); #endif #ifndef OPENSSL_NO_MDC2 EVP_add_digest(EVP_mdc2()); #endif data=BIO_new(BIO_s_file()); again: if (argc 1) { if (strcmp(argv[1],-nd) == 0) { nodetach=1; argv++; argc--; goto again; } if (!BIO_read_filename(data,argv[1])) goto err; } else BIO_set_fp(data,stdin,BIO_NOCLOSE); /** * Get our private key as it will be used from some other PKCS7 function later I assume to sign data? **/ FILE * fp =fopen(rsa.pem.0, rb); if (fp==NULL){ printf(NULL fp \n); return 1; } EVP_PKEY *pevpkey= PEM_read_PrivateKey(fp, NULL, NULL, NULL); if (pevpkey==NULL){ printf(PEM for read private failed\n); return 1; } else printf(PEM for read private SUCCESS\n); fclose(fp); if ((in=BIO_new_file(RSApublic.x509.0.cert,r)) == NULL) goto err; if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; //BIO_reset(in); //if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err; BIO_free(in); p7=PKCS7_new(); PKCS7_set_type(p7,NID_pkcs7_signed); si=PKCS7_add_signature(p7,x509,pevpkey,EVP_sha1()); if (si == NULL) goto err; /* If you do this then you get signing time automatically added */ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); /* USE THIS TO ADD a X509 if you wish to the PKCS7*/ // PKCS7_add_certificate(p7,x509); /* Set the content of the signed to 'data' */ PKCS7_content_new(p7,NID_pkcs7_data); // if (!nodetach) PKCS7_set_detached(p7,1); if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; for (;;) { i=BIO_read(data,buf,sizeof(buf)); if (i = 0) break; printf(%d \n,BIO_write(p7bio,buf,i) ); } if (!PKCS7_dataFinal(p7,p7bio)) goto err; BIO_free(p7bio); PEM_write_PKCS7(stdout,p7); PKCS7_free(p7); exit(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); exit(1); } -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44901.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
On 4/25/2013 1:13 PM, redpath wrote: I took the sign.c example and modified it slightly to use artifacts I have, but it seems the result just produces a PKCS7 that has a signature? I want to have the data (PDF or JPG) in there as I need to use it after validating that it is trusted. Basically I have a piece of data and a signature and want to envelope it in something for best practices. Otherwise I simply send the data and the signature and validate trust and use the data. I have to get the data out of the PKCS7 and use it just having a signature is not very useful for m. In other words you want to produce a non-detached PKCS7 SignedData structure, not a detached one, to use the official names from the standards. Is there something I am missing? The code I modified is shown below which is basically sign.c, get my private key and a x509 sign the data but hey I need the data int there too to extract later. I am not sure, maybe someone else can point out what parameters and options to pass to the PKCS7_* functions to produce a non-detached signature. I'll leave in your code to keep specific answers on this in context. //cc -o sign -Wno-deprecated-declarations sign.c -lcrypto #include stdio.h #include string.h #include openssl/bio.h #include openssl/x509.h #include openssl/pem.h #include openssl/err.h int main(argc,argv) int argc; char *argv[]; { X509 *x509; EVP_PKEY *pkey; PKCS7 *p7; PKCS7_SIGNER_INFO *si; BIO *in; BIO *data,*p7bio; char buf[1024*4]; int i; int nodetach=0; #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); #endif #ifndef OPENSSL_NO_SHA1 EVP_add_digest(EVP_sha1()); #endif #ifndef OPENSSL_NO_MDC2 EVP_add_digest(EVP_mdc2()); #endif data=BIO_new(BIO_s_file()); again: if (argc 1) { if (strcmp(argv[1],-nd) == 0) { nodetach=1; argv++; argc--; goto again; } if (!BIO_read_filename(data,argv[1])) goto err; } else BIO_set_fp(data,stdin,BIO_NOCLOSE); /** * Get our private key as it will be used from some other PKCS7 function later I assume to sign data? **/ FILE * fp =fopen(rsa.pem.0, rb); if (fp==NULL){ printf(NULL fp \n); return 1; } EVP_PKEY *pevpkey= PEM_read_PrivateKey(fp, NULL, NULL, NULL); if (pevpkey==NULL){ printf(PEM for read private failed\n); return 1; } else printf(PEM for read private SUCCESS\n); fclose(fp); if ((in=BIO_new_file(RSApublic.x509.0.cert,r)) == NULL) goto err; if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; //BIO_reset(in); //if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err; BIO_free(in); p7=PKCS7_new(); PKCS7_set_type(p7,NID_pkcs7_signed); si=PKCS7_add_signature(p7,x509,pevpkey,EVP_sha1()); if (si == NULL) goto err; /* If you do this then you get signing time automatically added */ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); /* USE THIS TO ADD a X509 if you wish to the PKCS7*/ // PKCS7_add_certificate(p7,x509); /* Set the content of the signed to 'data' */ PKCS7_content_new(p7,NID_pkcs7_data); // if (!nodetach) PKCS7_set_detached(p7,1); if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; for (;;) { i=BIO_read(data,buf,sizeof(buf)); if (i = 0) break; printf(%d \n,BIO_write(p7bio,buf,i) ); } if (!PKCS7_dataFinal(p7,p7bio)) goto err; BIO_free(p7bio); PEM_write_PKCS7(stdout,p7); PKCS7_free(p7); exit(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); exit(1); } Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
Exactly a non-detached, I see the constant detached and thought thats what it meant but that road lead nowhere, so if anyone has pointers how to make a non-detacched or modify below that would be great. -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44904.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
On Thu, Apr 25, 2013, redpath wrote: I took the sign.c example and modified it slightly to use artifacts I have, but it seems the result just produces a PKCS7 that has a signature? I want to have the data (PDF or JPG) in there as I need to use it after validating that it is trusted. That's rather an ancient example. It would be better to rely on the high level APIs and demos. See demos/smime and demos/cms for example. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
On Thu, Apr 25, 2013, Viktor Dukhovni wrote: On Wed, Apr 24, 2013 at 10:35:04PM -0400, Dave Thompson wrote: I am assuming RSA though I would like to do ECDSA. These APIs will use any privatekey for which a signature scheme is available; that's RSA DSA ECDSA (or pedantically EC; openssl uses the same EC_KEY struct for ECDSA and ECDH). (In general openssl routines using EVP_PKEY will handle many key types, that's exactly what the EVP level is for.) For some time CMS did not support ECDSA (recipient public keys), only RSA was supported. Has that changed recently? One needs to recipient public keys to encrypt the message key to each recipient, which is different from the sender key used for signing. There was no code for that last time I looked, is there a suitable standard for using ECDSA with CMS recipients? I just tried with 1.0.1e and could only encrypt to an RSA recipient. OpenSSL doesn't currentliy support ECDH with the eneveloped data type. It does support ECDSA for sign/verify. I'll be looking into adding support in future. It would help a great deal if I had some test vectors (e.g. sample of messages and appropriate keys) for ECDH for interop testing. Anyone who has any either post links to them in the list or if you prefer send them to me privately. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
I looked at the latest smsign.c shown below modified with a large data item. The result is still a detached and quite small like a signature. The flag changed and yet nothing different. It should be quite large. All I see is the API to soign p7 = PKCS7_sign(scert, skey, NULL, in, flags); and tried to do some data content with only core dumps, so what modification do I have to do to store objects I can get later from the PKCS7? #include openssl/pem.h #include openssl/pkcs7.h #include openssl/err.h int main(int argc, char **argv) { BIO *in = NULL, *out = NULL, *tbio = NULL; X509 *scert = NULL; EVP_PKEY *skey = NULL; PKCS7 *p7 = NULL; int ret = 1; /* For simple S/MIME signing use PKCS7_DETACHED. * On OpenSSL 0.9.9 only: * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM * for streaming non-detached set PKCS7_STREAM */ // int flags = PKCS7_DETACHED|PKCS7_STREAM; int flags = PKCS7_STREAM; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* Read in signer certificate and private key */ tbio = BIO_new_file(signer.pem, r); if (!tbio) goto err; scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); BIO_reset(tbio); skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); if (!scert || !skey) goto err; /* Open content being signed */ in = BIO_new_file(my.pdf, r); if (!in) goto err; /* Sign content */ p7 = PKCS7_sign(scert, skey, NULL, in, flags); if (!p7) goto err; out = BIO_new_file(smout.txt, w); if (!out) goto err; if (!(flags PKCS7_STREAM)) BIO_reset(in); /* Write out S/MIME message */ if (!SMIME_write_PKCS7(out, p7, in, flags)) goto err; ret = 0; err: if (ret) { fprintf(stderr, Error Signing Data\n); ERR_print_errors_fp(stderr); } if (p7) PKCS7_free(p7); if (scert) X509_free(scert); if (skey) EVP_PKEY_free(skey); if (in) BIO_free(in); if (out) BIO_free(out); if (tbio) BIO_free(tbio); return ret; } -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44912.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
2013/4/24 redpath redp...@us.ibm.com I have a piece of data like a JPG and a MD from it and a signature PKCS#1 from the MD. int rc= RSA_sign(NID_sha1, md, 20, sigret, siglen, rsapriv) I send the data and the signature to someone to verify the data and they use it. Now maybe there is standard measure to package the data and the signature and that would be? x.509 (that does not make sense or does it) pkcs12 (maybe) so what would it be? Of course I have to figure out how to extract the info out of the new envelope; any suggestions? Have a look at CMS: http://www.ietf.org/rfc/rfc5652.txt https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax https://www.openssl.org/docs/apps/openssl.html HTH, Kris -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
I saw the CMS but I did not see how to store raw data which I need to extract? Lets assume the data was a JPG and I created signature from the MD (SHA1) how can I get the JPG use it and validate it. I looked at the PKCS7 and no mention of adding objects. Any example is best to learn assuming data (JPG) derived MD from it for a signature and I have a private key. I am assuming RSA though I would like to do ECDSA. -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44889.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Data and Signature (envelope)
From: owner-openssl-us...@openssl.org On Behalf Of redpath Sent: Wednesday, 24 April, 2013 18:10 I saw the CMS but I did not see how to store raw data which I need to extract? Lets assume the data was a JPG and I created signature from the MD (SHA1) how can I get the JPG use it and validate it. I looked at the PKCS7 and no mention of adding objects. The PKCS7_* API, and the newer and more complete CMS_* API, is designed to do most of the work for you. PKCS7_sign or CMS_sign takes the data as a BIO to allow streaming from a (large) file or pipe or such, but if you have your data in memory just use a mem-BIO; computes a signature* using a given privatekey and cert(s); and produces the result structure, or if streaming sets-up to produce it. * By default these APIs do the two level signature: hash the data, put that hash into AuthenticatedAttributes along with other stuff, hash AuthenticatedAttributes and pk-sign that hash. You can specify _NOATTR to reduce this to just hash the data and pk-sign that (first) hash. I hope you didn't mean the *commandline* utility pkcs7. Despite the name, that handles only p7b objects, i.e. degenerate PKCS7 containing no actual data or signature used only to transport cert(s) or (less often) CRL(s). To do proper-pkcs7 signed or encrypted at commandline, use smime or cms with format PEM or DER. Any example is best to learn assuming data (JPG) derived MD from it for a signature and I have a private key. If you really want to do it yourself, the older PKCS7_ module exposes the C structs, which you could fill in and then I think plain (nonstream) i2d_ or PEM_write_ should work, although I haven't tested. I am assuming RSA though I would like to do ECDSA. These APIs will use any privatekey for which a signature scheme is available; that's RSA DSA ECDSA (or pedantically EC; openssl uses the same EC_KEY struct for ECDSA and ECDH). (In general openssl routines using EVP_PKEY will handle many key types, that's exactly what the EVP level is for.) I still encounter a few reliers (or other systems) now and then who don't support ECDSA, though less than a few years ago. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Data and Signature (envelope)
On Wed, Apr 24, 2013 at 10:35:04PM -0400, Dave Thompson wrote: I am assuming RSA though I would like to do ECDSA. These APIs will use any privatekey for which a signature scheme is available; that's RSA DSA ECDSA (or pedantically EC; openssl uses the same EC_KEY struct for ECDSA and ECDH). (In general openssl routines using EVP_PKEY will handle many key types, that's exactly what the EVP level is for.) For some time CMS did not support ECDSA (recipient public keys), only RSA was supported. Has that changed recently? One needs to recipient public keys to encrypt the message key to each recipient, which is different from the sender key used for signing. There was no code for that last time I looked, is there a suitable standard for using ECDSA with CMS recipients? I just tried with 1.0.1e and could only encrypt to an RSA recipient. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org