Verifying hex sha1 signature

2007-01-19 Thread Keith Thompson
Using the openssl command-line tool, how can I verify a hexadecimal
sha1 signature (i.e., the output of openssl sha1 -sign -hex ...)?
I can verify a binary signature, but for my application I need to
use plain text.  I could use openssl base64 to encode and decode
the binary signature, but I'd rather use the hex signature directly.

If this isn't possible, how is the ability to generate the signature
in hexadecimal useful?

Here's a shell script that demonstrates the problem:
== CUT HERE ==
#!/bin/sh

# Echo a command, run it, and report a non-zero exit status.
try() {
    echo "% $*"
    "$@" || echo "Failed: exit $?"
}

echo 'Hello, world' > foo.txt
try cat foo.txt

try openssl version
echo ''

echo '... Generating private and public RSA keys ...'
try openssl genrsa -out rsa-privkey
try openssl rsa -in rsa-privkey -pubout -out rsa-pubkey
echo ''

echo '... Generating binary sha1 signature ...'
try openssl sha1 -sign rsa-privkey -out foo.bin foo.txt
echo ''

echo '... Verifying binary sha1 signature ...'
try openssl sha1 -verify rsa-pubkey -signature foo.bin foo.txt
echo ''

echo '... Generating hex sha1 signature ...'
try openssl sha1 -sign rsa-privkey -hex -out foo.hex foo.txt
echo ''

echo '... Verifying hex sha1 signature ...'
try openssl sha1 -verify rsa-pubkey -signature foo.hex foo.txt
echo ''

echo '... Verifying hex sha1 signature (using -hex) ...'
try openssl sha1 -verify rsa-pubkey -hex -signature foo.hex foo.txt
== AND HERE ==

And here's the output (including messages sent to stderr):
== CUT HERE ==
% cat foo.txt
Hello, world
% openssl version
OpenSSL 0.9.8d 28 Sep 2006

... Generating private and public RSA keys ...
% openssl genrsa -out rsa-privkey
Generating RSA private key, 512 bit long modulus

..
e is 65537 (0x10001)
% openssl rsa -in rsa-privkey -pubout -out rsa-pubkey
writing RSA key

... Generating binary sha1 signature ...
% openssl sha1 -sign rsa-privkey -out foo.bin foo.txt

... Verifying binary sha1 signature ...
% openssl sha1 -verify rsa-pubkey -signature foo.bin foo.txt
Verified OK

... Generating hex sha1 signature ...
% openssl sha1 -sign rsa-privkey -hex -out foo.hex foo.txt

... Verifying hex sha1 signature ...
% openssl sha1 -verify rsa-pubkey -signature foo.hex foo.txt
Verification Failure
Failed: exit 1

... Verifying hex sha1 signature (using -hex) ...
% openssl sha1 -verify rsa-pubkey -hex -signature foo.hex foo.txt
Verification Failure
Failed: exit 1
== AND HERE ==

I get the same result with the latest snapshot
(openssl-SNAP-20070118.tar.gz).

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
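
One way to check the hex form, as an added example that is not part of the original post: `-verify` reads the signature file as raw bytes, so the hex text is decoded back to binary first. The function names are hypothetical, and the handling of a `NAME(file)= ` prefix is an assumption about the text that `-hex` writes.

```shell
#!/bin/sh
# Added example (not from the original post).

# hex_sig_to_bin HEXFILE BINFILE
# Accepts "NAME(file)= 3a4b...", bare hex, or colon-separated hex.
hex_sig_to_bin() {
    # Drop any "NAME(file)= " prefix first (it contains hex-looking
    # letters), then keep only the hex digits.
    hex=$(sed 's/^.*= *//' "$1" | tr -cd '0-9a-fA-F') || return 1
    # An empty or odd-length string is not a whole number of bytes.
    [ -n "$hex" ] && [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    : > "$2" || return 1
    while [ -n "$hex" ]; do
        rest=${hex#??}
        byte=${hex%"$rest"}
        # Emit one raw byte through its octal escape; NUL bytes survive.
        printf '%b' "\\0$(printf '%03o' "0x$byte")" >> "$2"
        hex=$rest
    done
}

# verify_hex_sig PUBKEY HEXFILE DATAFILE
# Exit status is openssl's, or 2 if the hex file is malformed.
verify_hex_sig() {
    tmp=$(mktemp) || return 2
    if hex_sig_to_bin "$2" "$tmp"; then
        openssl sha1 -verify "$1" -signature "$tmp" "$3"
        rc=$?
    else
        echo "malformed hex signature: $2" >&2
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}
```

With the files from the script above, the call would be `verify_hex_sig rsa-pubkey foo.hex foo.txt`.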


Re: Verifying that a private key and certificate match

2007-02-19 Thread Keith Thompson
On Mon 07-02-19 16:11, Julius Davies wrote:
> RSA keypair, right?  If so, compare that the modulus of both the
> certificate and the private key is equal.  These two commands do the
> trick:
>
> openssl x509 -in cert.pem -modulus -noout
>
> openssl rsa -in rsa.pem -modulus -noout
>
>
> If on Unix, I imagine you can do this (ahhh... the glorious back-tick!):
>
> TEST1=`openssl x509 -in cert.pem -modulus -noout`
> TEST2=`openssl rsa -in rsa.pem -modulus -noout`
> if [ $TEST1 = $TEST2 ]; then echo 'equal'; else echo 'not equal'; fi;

Be careful about doing this as part of an automated process.  If both
commands encounter errors, they'll print error messages on stderr,
and $TEST1 and $TEST2 will both be empty (and therefore equal).

You can redirect stderr to a file or to /dev/null, and check the
value of $? after each command.

> (Is it okay to only check the modulus?  The public exponent can be
> ignored?  Is it always Exponent: 65537 (0x10001)?)

I don't know.

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
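
The failure mode described in this reply, next to a version that checks each exit status, as an added example that is not part of the original thread. The function names and return codes are hypothetical; the `openssl` invocations are the two quoted above.

```shell
#!/bin/sh
# Added example (not from the original thread).

# The quoted one-liner wrapped in a function. When both openssl calls
# fail, both variables are empty, the test collapses to `[ = ]`, and
# the result is 'equal'.
naive_compare() {
    TEST1=`openssl x509 -in "$1" -modulus -noout 2>/dev/null`
    TEST2=`openssl rsa -in "$2" -modulus -noout 2>/dev/null`
    if [ $TEST1 = $TEST2 ]; then echo 'equal'; else echo 'not equal'; fi
}

# is_modulus_line STRING: true only for "Modulus=" followed by hex digits.
is_modulus_line() {
    case $1 in Modulus=?*) ;; *) return 1 ;; esac
    case ${1#Modulus=} in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# key_matches_cert CERT KEY
# 0: moduli match, 1: moduli differ, 2: a command failed or its output
# was not a modulus (missing file, wrong key type, unreadable PEM).
key_matches_cert() {
    cert_mod=$(openssl x509 -in "$1" -modulus -noout 2>/dev/null) || return 2
    key_mod=$(openssl rsa -in "$2" -modulus -noout 2>/dev/null) || return 2
    is_modulus_line "$cert_mod" || return 2
    is_modulus_line "$key_mod" || return 2
    [ "$cert_mod" = "$key_mod" ]
}
```

An automated caller should treat return code 2 as a hard error rather than as "not equal".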


Re: 2 is not prime?

2007-03-05 Thread Keith Thompson
On Mon 07-03-05 14:06, Brandon Ooi wrote:
> Sorry if this is a dumb question but I couldn't find the openssl
> bugzilla (or equivalent) to look for this. I was using openssl to check
> primes and kept running into these weird issues until I found this...
>
> $ openssl version
> OpenSSL 0.9.7f 22 Mar 2005
> $ openssl prime 2
> 2 is not prime
>
> But.. 2 is prime right?

Yes.

> Anyways, it's not a huge issue but this could be a bigger bug?

I don't know, but it appears to have been fixed in 0.9.8b:

$ for ver in 0.9.7m 0.9.8 0.9.8a 0.9.8b ; do
 /usr/local/apps/openssl-$ver/bin/openssl version
 /usr/local/apps/openssl-$ver/bin/openssl prime 2
 done
OpenSSL 0.9.7m 23 Feb 2007
2 is not prime
OpenSSL 0.9.8 05 Jul 2005
2 is not prime
OpenSSL 0.9.8a 11 Oct 2005
2 is not prime
OpenSSL 0.9.8b 04 May 2006
2 is prime
$ 

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
-- Antony Jay and Jonathan Lynn, Yes Minister


Re: Post

2007-05-09 Thread Keith Thompson
On Wed 07-05-09 17:52, Michael Fedor wrote:
> How can I delete any post that have my email address.
> [EMAIL PROTECTED]
> there is data that should not be out on the net

You may or may not be able to persuade the list maintainer to delete
your posts, but it won't do you much good.  I have my own copies of
a number of things you've posted to this list, and I have no plans
to delete them (nor do I plan to do anything nefarious with them).
Even if I did delete the messages, I'm sure they exist on backups.
And that's just me; I'm sure the same is true of however many other
people subscribe to this list.  And Google and other services may
have cached copies of the web pages containing the list archives.

If you've posted unsafe information to this list, you need to render
it safe (revoke certificates, change passphrases, whatever it takes).
And since you've now publicly called attention to the fact that this
information is out there, I suggest you do so as soon as possible.

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
-- Antony Jay and Jonathan Lynn, Yes Minister


Re: Diff between OpenSSL 0.9.7 and 0.9.8?

2007-05-19 Thread Keith Thompson
On Sat 07-05-19 10:59, Xiaoyu Ruan wrote:
> I just have one quick question: what are the major differences between
> 0.9.7 and 0.9.8 tracks? OpenSSL maintains both tracks so there must be
> some reason.. Thanks.

See http://www.openssl.org/news/news.html, or the NEWS file
from any openssl-0.9.8*.tar.gz source distribution; look for
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8.

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
-- Antony Jay and Jonathan Lynn, Yes Minister


Re: Unsigned CRL

2007-09-29 Thread Keith Thompson
On Sat 07-09-29 08:44, BSC wrote:
> Bernhard Froehlich wrote:
> > BSC wrote:
> > > I need to generate unsigned (not signed by any certificate) CRL
> > >
> > > How can I do this? Maybe it is possible to crack signed CRL and erase a
> > > signature?
> >
> > I cannot imagine any use for an unsigned CRL, since everyone could forge
> > such a CRL. So I doubt it is possible to generate one that is understood
> > by any SSL application.
>
> Thanks but it's not the answer I've been looking for ((

Perhaps not, but it's probably the best and most accurate answer
you're going to get.

*Why* do you want an unsigned CRL?  What would such a thing give you
that a standard signed CRL would not?  How do you expect to use it,
given that most or all of the software that uses CRLs requires a
verified signature?

A CRL is basically a list of certificate serial numbers with a
cryptographic signature.  It sounds like what you're looking for is
just a list of serial numbers.  You can easily extract such a list
by running the command

openssl crl -in CRL-FILENAME -noout -text

and perhaps massaging the output.  The result isn't strictly speaking
a CRL at all, but perhaps it's what you're looking for.

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
-- Antony Jay and Jonathan Lynn, Yes Minister


Re: SHA1 checksum mismatch on openssl-0.9.8f tarball

2007-10-12 Thread Keith Thompson
On Fri 07-10-12 16:18, Lasse Kliemann wrote:
> The file at
> http://www.openssl.org/./source/openssl-0.9.8f.tar.gz.sha1
> contains the checksum
>
>     0a0a3fd9be3d46053df2e91b6eb8a3b4348c793c
>
> whereas the file at http://www.openssl.org/source/openssl-0.9.8f.tar.gz (even
> after repeated download) has SHA1 checksum
>
>     e8716370093b112763ace0c66c06a0d6049e413b
>
> The published OpenPGP signature
> http://www.openssl.org/source/openssl-0.9.8f.tar.gz.asc was made with key
> 0x2719AF35 and matches for the tarball. But previous releases were signed
> with key 0xF295C759.
>
> This looks kind of suspicious to me. However, why would an attacker replace
> the OpenPGP signature and not the SHA1 checksum?
>
> Hopefully, there is a simple explanation for this.

That's not the only problem.  As of a few minutes ago, there were
two versions of the openssl-0.9.8f.tar.gz.asc file, one on the ftp
server and another on the web server.  Both are signed by the same key
(which is *not* the key used for previous releases), but the one on
the ftp server is incorrect.  But that appears to have been corrected
now (while I was writing this message).

Also, the openssl-0.9.8f.tar.gz.asc file is actually a *binary*
signature, not an ASCII signature as the name implies.  (Previous *.asc
files have been ASCII signatures.)

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
-- Antony Jay and Jonathan Lynn, Yes Minister


Re: SHA1 checksum mismatch on openssl-0.9.8f tarball

2007-10-12 Thread Keith Thompson
On Fri 07-10-12 15:02, Keith Thompson wrote:
[...]
> That's not the only problem.  As of a few minutes ago, there were
> two versions of the openssl-0.9.8f.tar.gz.asc file, one on the ftp
> server and another on the web server.  Both are signed by the same key
> (which is *not* the key used for previous releases), but the one on
> the ftp server is incorrect.  But that appears to have been corrected
> now (while I was writing this message).
>
> Also, the openssl-0.9.8f.tar.gz.asc file is actually a *binary*
> signature, not an ASCII signature as the name implies.  (Previous *.asc
> files have been ASCII signatures.)

The key used to generate openssl-0.9.8f.tar.gz.asc (key ID
2719AF35) appears to belong to Ben Laurie, who is a member of
the OpenSSL core team, but it's not the same key advertised on
http://openssl.org/about/ (key ID 2118CF83).

-- 
Keith Thompson [EMAIL PROTECTED]  San Diego Supercomputer Center
http://users.sdsc.edu/~kst/  858-822-0853
We must do something.  This is something.  Therefore, we must do this.
-- Antony Jay and Jonathan Lynn, Yes Minister