subject:"Signing a file using HMAC"

Re: Signing a file using HMAC

2009-08-20 Thread Michael Sierchio

toby.wa...@fxhome.com wrote:
> Hello,
> 
> I am using the dgst command to sign a file, I'm also using the -hmac
> option. I then want to verify the signature by decrypting it and
> checking the hash. The problem is the hash never seems to match.

It's unclear to me what you are trying to accomplish conceptually.
HMAC has nothing to do with signing, but is a keyed hash used as
an authenticator for (possibly) pairwise message authentication.  It
cannot function as a signature, because it cannot be verified by
a third party.   Pick one.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Signing a file using HMAC

2009-08-20 Thread toby . walsh


Hello,

I am using the dgst command to sign a file, I'm also using the -hmac
option. I then want to verify the signature by decrypting it and
checking the hash. The problem is the hash never seems to match.

For example, if i sign the string "foo" I get the hash below

$ echo foo | openssl dgst -sha512 -hmac bar
3e45850d52569540b8c162069831869e867dc46efb753ec0dac42c7a88b14f6a56e1ce54b1b75564acf056d5faedd82f859b8bf8430a7b275704de3651f07eee

However, if I do the same thing, but sign it and then decrypt it, I
get a completely different hash

$ echo foo | openssl dgst -sha512 -hmac bar -sign priv | openssl
rsautl -verify -inkey priv | openssl asn1parse -inform DER
0:d=0  hl=2 l=  81 cons: SEQUENCE
2:d=1  hl=2 l=  13 cons: SEQUENCE
4:d=2  hl=2 l=   9 prim: OBJECT:sha512
   15:d=2  hl=2 l=   0 prim: NULL
   17:d=1  hl=2 l=  64 prim: OCTET STRING  [HEX
DUMP]:DEEF13827724A82A7FAA3C89F46145A41FE983380B5479A9488A9C7728557BCAF96FE2DE6A1CFFC38384F4160D446BD51E82098BDD1B55A1B1EA49B9A8B2C199

If I don't use the hmac option then the hashes are always the same.

$ echo foo | openssl dgst -sha512
0cf9180a764aba863a67b6d72f0918bc131c6772642cb2dce5a34f0a702f9470ddc2bf125c12198b1995c233c34b4afd346c54a2334c350a948a51b6e8b4e6b6

$ echo foo | openssl dgst -sha512 -sign priv | openssl rsautl -verify -
inkey priv | openssl asn1parse -inform DER
0:d=0  hl=2 l=  81 cons: SEQUENCE
2:d=1  hl=2 l=  13 cons: SEQUENCE
4:d=2  hl=2 l=   9 prim: OBJECT:sha512
   15:d=2  hl=2 l=   0 prim: NULL
   17:d=1  hl=2 l=  64 prim: OCTET STRING  [HEX DUMP]:
0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6

I know I could verify the signature using the -verify option of the
dgst command (which works). But the project I'm working on is unable
to use openssl for the verification part. So I need to hash that
openssl generates to be something predictable.

I'm using OpenSSL 0.9.8k 25 Mar 2009, on linux

Any help would be appreciated

Toby
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Signing a file using HMAC

Signing a file using HMAC

2 matches

Site Navigation

Mail list logo

Footer information