Verifying hex sha1 signature
Using the openssl command-line tool, how can I verify a hexadecimal sha1 signature (i.e., the output of openssl sha1 -sign -hex ...)? I can verify a binary signature, but for my application I need to use plain text. I could use openssl base64 to encode and decode the binary signature, but I'd rather use the hex signature directly. If this isn't possible, how is the ability to generate the signature in hexadecimal useful? Here's a shell script that demonstrates the problem: == CUT HERE == #!/bin/sh try() { echo % $@ $@ || echo Failed: exit $? } echo 'Hello, world' foo.txt try cat foo.txt try openssl version echo '' echo '... Generating private and public RSA keys ...' try openssl genrsa -out rsa-privkey try openssl rsa -in rsa-privkey -pubout -out rsa-pubkey echo '' echo '... Generating binary sha1 signature ...' try openssl sha1 -sign rsa-privkey -out foo.bin foo.txt echo '' echo '... Verifying binary sha1 signature ...' try openssl sha1 -verify rsa-pubkey -signature foo.bin foo.txt echo '' echo '... Generating hex sha1 signature ...' try openssl sha1 -sign rsa-privkey -hex -out foo.hex foo.txt echo '' echo '... Verifying hex sha1 signature ...' try openssl sha1 -verify rsa-pubkey -signature foo.hex foo.txt echo '' echo '... Verifying hex sha1 signature (using -hex) ...' try openssl sha1 -verify rsa-pubkey -hex -signature foo.hex foo.txt == AND HERE == And here's the output (including messages sent to stderr): == CUT HERE == % cat foo.txt Hello, world % openssl version OpenSSL 0.9.8d 28 Sep 2006 ... Generating private and public RSA keys ... % openssl genrsa -out rsa-privkey Generating RSA private key, 512 bit long modulus .. e is 65537 (0x10001) % openssl rsa -in rsa-privkey -pubout -out rsa-pubkey writing RSA key ... Generating binary sha1 signature ... % openssl sha1 -sign rsa-privkey -out foo.bin foo.txt ... Verifying binary sha1 signature ... % openssl sha1 -verify rsa-pubkey -signature foo.bin foo.txt Verified OK ... Generating hex sha1 signature ... % openssl sha1 -sign rsa-privkey -hex -out foo.hex foo.txt ... Verifying hex sha1 signature ... % openssl sha1 -verify rsa-pubkey -signature foo.hex foo.txt Verification Failure Failed: exit 1 ... Verifying hex sha1 signature (using -hex) ... % openssl sha1 -verify rsa-pubkey -hex -signature foo.hex foo.txt Verification Failure Failed: exit 1 == AND HERE == I get the same result with the latest snapshot (openssl-SNAP-20070118.tar.gz). -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verifying that a private key and certificate match
On Mon 07-02-19 16:11, Julius Davies wrote: RSA keypair, right? If so, compare that the modulus of both the certificate and the private key is equal. These two commands do the trick: openssl x509 -in cert.pem -modulus -noout openssl rsa -in rsa.pem -modulus -noout If on Unix, I imagine you can do this (ahhh... the glorious back-tick!): TEST1=`openssl x509 -in cert.pem -modulus -noout` TEST2=`openssl rsa -in rsa.pem -modulus -noout` if [ $TEST1 = $TEST2 ]; then echo 'equal'; else echo 'not equal'; fi; Be careful about doing this as part of an automated process. If both commands encounter errors, they'll print error messages on stderr, and $TEST1 and $TEST2 will both be empty (and therefore equal). You can redirect stderr to a file or to /dev/null, and check the value of $? after each command. (Is it okay to only check the modulus? The public exponent can be ignored? Is it always Exponent: 65537 (0x10001)?) I don't know. -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: 2 is not prime?
On Mon 07-03-05 14:06, Brandon Ooi wrote: Sorry if this is a dumb question but I couldn't find the openssl bugzilla (or equivalent) to look for this. I was using openssl to check primes and kept running into these weird issues until I found this... $ openssl version OpenSSL 0.9.7f 22 Mar 2005 $ openssl prime 2 2 is not prime But.. 2 is prime right? Yes. Anyways, it's not a huge issue but this could be a bigger bug? I don't know, but appears to have been fixed in 0.9.8b: $ for ver in 0.9.7m 0.9.8 0.9.8a 0.9.8b ; do /usr/local/apps/openssl-$ver/bin/openssl version /usr/local/apps/openssl-$ver/bin/openssl prime 2 done OpenSSL 0.9.7m 23 Feb 2007 2 is not prime OpenSSL 0.9.8 05 Jul 2005 2 is not prime OpenSSL 0.9.8a 11 Oct 2005 2 is not prime OpenSSL 0.9.8b 04 May 2006 2 is prime $ -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. -- Antony Jay and Jonathan Lynn, Yes Minister __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Post
On Wed 07-05-09 17:52, Michael Fedor wrote: How can I delete any post that have my email address. [EMAIL PROTECTED] there is data that should not be out on the net You may or may not be able to persuade the list maintainer to delete your posts, but it won't do you much good. I have my own copies of a number of things you've posted to this list, and I have no plans to delete them (nor do I plan to do anything nefarious with them). Even if I did delete the messages, I'm sure they exist on backups. And that's just me; I'm sure the same is true of however many other people subscribe to this list. And Google and other services may have cached copies of the web pages containing the list archives. If you've posted unsafe information to this list, you need to render it safe (revoke certificates, change passphrases, whatever it takes). And since you've now publicly called attention to the fact that this information is out there, I suggest you do so as soon as possible. -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. -- Antony Jay and Jonathan Lynn, Yes Minister __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Diff between OpenSSL 0.9.7 and 0.9.8?
On Sat 07-05-19 10:59, Xiaoyu Ruan wrote: I just have one quick question: what are the major differences between 0.9.7 and 0.9.8 tracks? OpenSSL maintains both tracks so there must be some reason.. Thanks. See http://www.openssl.org/news/news.html, or the NEWS file from any openssl-0.9.8*.tar.gz source distribution; look for Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8. -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. -- Antony Jay and Jonathan Lynn, Yes Minister __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Unsigned CRL
On Sat 07-09-29 08:44, BSC wrote: Bernhard Froehlich wrote: BSC schrieb: I need to generate unsigned (not signed by any certificate) CRL How can I do this? Maybe it is possible to crack signed CRL and eraze a signature? I cannot imagine any use for an unsigned CRL, since everyone could forge such a CRL. So I doubt it is possible to generate one that is understood by any SSL application. Thanks but it's not the answer I've been loocking for (( Perhaps not, but it's probably the best and most accurate answer you're going to get. *Why* do you want an unsigned CRL? What would such a thing give you that a standard signed CRL would not? How do you expect to use it, given that most or all of the software that uses CRLs requires a verified signature? A CRL is basically a list of certificate serial numbers with a cryptographic signature. It sounds like what you're looking for is just a list of serial numbers. You can easily extract such a list by running the command openssl crl -in CRL-FILENAME -noout -text and perhaps massaging the output. The result isn't strictly speaking a CRL at all, but perhaps it's what you're looking for. -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. -- Antony Jay and Jonathan Lynn, Yes Minister __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SHA1 checksum mismatch on openssl-0.9.8f tarball
On Fri 07-10-12 16:18, Lasse Kliemann wrote: The file at http://www.openssl.org/./source/openssl-0.9.8f.tar.gz.sha1 contains the checksum 0a0a3fd9be3d46053df2e91b6eb8a3b4348c793c whereas the file at http://www.openssl.org/source/openssl-0.9.8f.tar.gz (even after repeated download) has SHA1 checksum e8716370093b112763ace0c66c06a0d6049e413b The published OpenPGP signature http://www.openssl.org/source/openssl-0.9.8f.tar.gz.asc was made with key 0x2719AF35 and matches for the tarball. But previous releases were signed with key 0xF295C759. This looks kind of suspicious to me. However, why would an attacker replace the OpenPGP signature and not the SHA1 checksum? Hopefully, there is a simple explanation for this. That's not the only problem. As of a few minutes ago, there were two versions of the openssl-0.9.8f.tar.gz.asc file, one on the ftp server and another on the web server. Both are signed by the same key (which is *not* the key used for previous releases), but the one on the ftp server is incorrect. But that appears to have been corrected now (while I was writing this message). Also, the openssl-0.9.8f.tar.gz.asc file is actually a *binary* signature, not an ASCII signature as the name implies. (Previous *.asc files have been ASCII signatures.) -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. -- Antony Jay and Jonathan Lynn, Yes Minister __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SHA1 checksum mismatch on openssl-0.9.8f tarball
On Fri 07-10-12 15:02, Keith Thompson wrote: [...] That's not the only problem. As of a few minutes ago, there were two versions of the openssl-0.9.8f.tar.gz.asc file, one on the ftp server and another on the web server. Both are signed by the same key (which is *not* the key used for previous releases), but the one on the ftp server is incorrect. But that appears to have been corrected now (while I was writing this message). Also, the openssl-0.9.8f.tar.gz.asc file is actually a *binary* signature, not an ASCII signature as the name implies. (Previous *.asc files have been ASCII signatures.) The key used to generate openssl-0.9.8f.tar.gz.asc (key ID 2719AF35) appears to belong to Ben Laurie, who is a member of the OpenSSL core team, but it's not the same key advertised on http://openssl.org/about/ (key ID 2118CF83). -- Keith Thompson [EMAIL PROTECTED] San Diego Supercomputer Center http://users.sdsc.edu/~kst/ 858-822-0853 We must do something. This is something. Therefore, we must do this. -- Antony Jay and Jonathan Lynn, Yes Minister __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]