[openssl-users] (no subject)

2017-05-15 Thread CÔNG NGUYỄN VĂN
Nguyễn Văn Công.pdf




-- 
Nguyễn Văn Công
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] gpgsm/openssl cms detached signatures verification fails

2017-05-15 Thread Jakob Bohm

On 15/05/2017 17:54, Andreas Fenkart wrote:

> Hi list,
> I'm experimenting with openssl/gnupg interoperability. It seems the
> least common multiple is cms. I didn't find a way to produce output
> with opengpg to work with 'openssl dgst' directly. Am I wrong, is
> there a simpler way?
> ...
> The :messageDigest hash codes are the same for detached/non-detached
> but the :rsaEncryption differ (salt, timestamp?) The messageDigest
> does not match the output from sha256sum.
>
> Repeating the same for the gpgsm generated signatures, I can see that
> the messageDigest matches directly the output of sha256sum.
>
> So openssl cms/gpgsm compute the sha256sum differently in the detached case.
> Is there a hidden flag to make either tool behave like the other?

Look at the documentation of the openssl cms "-inform SMIME",
"-outform SMIME" and "-binary" options.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[openssl-users] gpgsm/openssl cms detached signatures verification fails

2017-05-15 Thread Andreas Fenkart
Hi list,
I'm experimenting with openssl/gnupg interoperability. It seems the
least common multiple is cms. I didn't find a way to produce output
with opengpg to work with 'openssl dgst' directly. Am I wrong, is
there a simpler way?

generate gpgsm keyring: https://lists.gt.net/gnupg/devel/53489
$ gpgsm --generate-key > x.pem   # CN=Joe, O=Corp, C=unv
$ gpgsm --import x.pem
$ gpgsm -a --output pub.pem --export 0x3E3AB34C

GNUPG -> OPENSSL:

it works when using non-detached signatures
$ gpgsm -as -o somefile.sig somefile
$ sed -i 's/SIGNED MESSAGE/CMS/' somefile.sig
$ openssl cms -verify -in somefile.sig -inform PEM -certfile pub.pem -noverify
Verification successful

But fails when using detached signatures:
$ gpgsm -asb -o somefile.sig somefile
$ sed -i 's/SIGNED MESSAGE/CMS/' somefile.sig
$ openssl cms -verify -in somefile.sig -inform PEM -content somefile \
  -certfile pub.pem -noverify

OPENSSL -> GNUPG:

create key:
$ openssl req -x509 -newkey rsa:2048 -nodes -keyout mycert.key.pem \
-out mycert.cert.pem -subj "/O=SWUpdate /CN=target"
$ gpgsm --import mycert.cert.pem

again works with non-detached signature:
$ openssl cms -sign -in somefile -out somefile.sig -nodetach \
  -signer mycert.cert.pem -inkey mycert.key.pem -outform PEM -nosmimecap
$ gpgsm --disable-crl-checks --verify somefile.sig
gpgsm: Good signature from "/CN=target/O= SWUpdate"

and fails with detached signatures:
$ openssl cms -sign -in somefile -out somefile.sig \
  -signer mycert.cert.pem -inkey mycert.key.pem -outform PEM -nosmimecap

$ gpgsm --disable-crl-checks --verify somefile.sig somefile
gpgsm: Signature made 2017-05-15 14:44:36 using certificate ID 0x5F7C51D8
gpgsm: invalid signature: message digest attribute does not match computed one

COMPARING ASN1 output:

I parsed the signatures using asn1parse, then compared the outputs:
$ openssl asn1parse -in somefile.sig

  998:d=7  hl=2 l=   9 prim: OBJECT:messageDigest
 1009:d=7  hl=2 l=  34 cons: SET
 1011:d=8  hl=2 l=  32 prim: OCTET STRING  [HEX DUMP]:CC83AEAE49B66CCADA3DFFEB87E27AF53D99437F5E24485D31F4F11BF092FA6D
 1045:d=5  hl=2 l=  13 cons: SEQUENCE
 1047:d=6  hl=2 l=   9 prim: OBJECT:rsaEncryption
 1058:d=6  hl=2 l=   0 prim: NULL
 1060:d=5  hl=4 l= 256 prim: OCTET STRING  [HEX DUMP]:7440A9007CACDD5484076661B57181AE64249506FF631CFF1EE5B0D74CBD431D9AB57533E44BE6B56F2D18DF52ED9B24C6DD040B6E8F9B3A6F1E3

The :messageDigest hash codes are the same for detached/non-detached
but the :rsaEncryption differ (salt, timestamp?) The messageDigest
does not match the output from sha256sum.

Repeating the same for the gpgsm generated signatures, I can see that
the messageDigest matches directly the output of sha256sum.

So openssl cms/gpgsm compute the sha256sum differently in the detached case.
Is there a hidden flag to make either tool behave like the other?

/Andi
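
Added example, not part of the thread: Jakob's pointer to -binary, checked against the messageDigest comparison Andreas describes. Without -binary, openssl cms signs the S/MIME canonical form of the input (line endings rewritten as CRLF), so the messageDigest attribute is the SHA-256 of the CRLF text rather than of the file on disk. The key, certificate subject, file contents and helper names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: key, subject and file contents are constructed.
set -e

# Lower-case hex SHA-256 of a file (same value sha256sum prints).
sha256_hex() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# messageDigest signed attribute of a PEM CMS signature, lower-case hex.
cms_message_digest() {
    openssl asn1parse -in "$1" |
        awk '/:messageDigest/ {found=1; next}
             found && /HEX DUMP/ {sub(/.*\[HEX DUMP\]:/, ""); print tolower($0); exit}'
}

# Detached-sign $1 into $2; any further arguments (e.g. -binary) are passed on.
sign_detached() {
    src=$1; sig=$2; shift 2
    openssl cms -sign -md sha256 -in "$src" -out "$sig" -outform PEM -nosmimecap \
        -signer "$WORK/cert.pem" -inkey "$WORK/key.pem" "$@"
}

# Verify detached signature $1 over the unmodified bytes of $2.
verify_binary() {
    openssl cms -verify -binary -in "$1" -inform PEM -content "$2" \
        -certfile "$WORK/cert.pem" -noverify -out /dev/null 2>/dev/null
}

WORK=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/key.pem" \
    -out "$WORK/cert.pem" -subj "/O=Example/CN=constructed signer" 2>/dev/null
printf 'line one\nline two\n' > "$WORK/somefile"                      # LF-only text
awk '{printf "%s\r\n", $0}' "$WORK/somefile" > "$WORK/somefile.crlf"   # canonical form

sign_detached "$WORK/somefile" "$WORK/canon.sig"            # default: CRLF translation
sign_detached "$WORK/somefile" "$WORK/binary.sig" -binary   # bytes signed as they are

echo "sha256(file)           $(sha256_hex "$WORK/somefile")"
echo "sha256(file as CRLF)   $(sha256_hex "$WORK/somefile.crlf")"
echo "messageDigest default  $(cms_message_digest "$WORK/canon.sig")"
echo "messageDigest -binary  $(cms_message_digest "$WORK/binary.sig")"
verify_binary "$WORK/binary.sig" "$WORK/somefile" && echo "binary.sig verifies with -binary"
```

The default signature's messageDigest equals the digest of the CRLF copy, and the -binary signature's equals the digest of the file itself, which is the value Andreas reports seeing from gpgsm.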


Re: [openssl-users] RSA_PKCS1_OAEP_PADDING

2017-05-15 Thread Dr. Stephen Henson
On Mon, May 15, 2017, RudyAC wrote:

> Hello Steve,
> 
> first of all thanks for helpful advice. When printing out all the fields of
> the message with the openssl command
> I got for every recipient two blocks. One block includes the OAEP padding
> and the other block (same recipient) includes the default padding.
> 
> d.ktri: 
> version: 
> d.issuerAndSerialNumber: 
>   issuer: C=DE, O=extern, OU=host3, CN=CA - host3
>   serialNumber: 12302977334217659119
> keyEncryptionAlgorithm: 
>   algorithm: rsaEncryption (1.2.840.113549.1.1.1)
>   parameter: NULL
> 
> d.ktri: 
> version: 
> d.issuerAndSerialNumber: 
>   issuer: C=DE, O=extern, OU=host3, CN=CA - host3
>   serialNumber: 12302977334217659119
> keyEncryptionAlgorithm: 
>   algorithm: rsaesOaep (1.2.840.113549.1.1.7)
>   parameter: SEQUENCE:
>     0:d=0  hl=2 l=  43 cons: SEQUENCE
>     2:d=1  hl=2 l=  13 cons:  cont [ 0 ]
>     4:d=2  hl=2 l=  11 cons:   SEQUENCE
>     6:d=3  hl=2 l=   9 prim:    OBJECT:sha256
>    17:d=1  hl=2 l=  26 cons:  cont [ 1 ]
>    19:d=2  hl=2 l=  24 cons:   SEQUENCE
>    21:d=3  hl=2 l=   9 prim:    OBJECT:mgf1
>    32:d=3  hl=2 l=  11 cons:    SEQUENCE
>    34:d=4  hl=2 l=   9 prim:     OBJECT:sha256
> 
> How can I make sure that only the OAEP padding is used?
> 

What code are you using? The original you posted had a bug:

    CMS_final(cms, in, NULL, nflags);

    /* encrypt content */
    cms = CMS_encrypt(encerts, in, cipher, flags);

Which will overwrite the created cms structure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: [openssl-users] RSA_PKCS1_OAEP_PADDING

2017-05-15 Thread RudyAC
Hello Steve,

first of all thanks for helpful advice. When printing out all the fields of
the message with the openssl command
I got for every recipient two blocks. One block includes the OAEP padding
and the other block (same recipient) includes the default padding.

d.ktri: 
version: 
d.issuerAndSerialNumber: 
  issuer: C=DE, O=extern, OU=host3, CN=CA - host3
  serialNumber: 12302977334217659119
keyEncryptionAlgorithm: 
  algorithm: rsaEncryption (1.2.840.113549.1.1.1)
  parameter: NULL

d.ktri: 
version: 
d.issuerAndSerialNumber: 
  issuer: C=DE, O=extern, OU=host3, CN=CA - host3
  serialNumber: 12302977334217659119
keyEncryptionAlgorithm: 
  algorithm: rsaesOaep (1.2.840.113549.1.1.7)
  parameter: SEQUENCE:
    0:d=0  hl=2 l=  43 cons: SEQUENCE
    2:d=1  hl=2 l=  13 cons:  cont [ 0 ]
    4:d=2  hl=2 l=  11 cons:   SEQUENCE
    6:d=3  hl=2 l=   9 prim:    OBJECT:sha256
   17:d=1  hl=2 l=  26 cons:  cont [ 1 ]
   19:d=2  hl=2 l=  24 cons:   SEQUENCE
   21:d=3  hl=2 l=   9 prim:    OBJECT:mgf1
   32:d=3  hl=2 l=  11 cons:    SEQUENCE
   34:d=4  hl=2 l=   9 prim:     OBJECT:sha256

How can I make sure that only the OAEP padding is used?

Regards 
Rudy



--
View this message in context: 
http://openssl.6102.n7.nabble.com/RSA-PKCS1-OAEP-PADDING-tp70741p70789.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
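
Added example, not part of the thread: a command-line check for the question above, listing the keyEncryptionAlgorithm of every RecipientInfo (the field shown in Rudy's printout, here produced with openssl cms -cmsout -print) and rejecting a message if any recipient is not rsaesOaep. The key, subject, file names and the helper names kek_algorithms and only_oaep are constructed; the "mixed" message is built with the same certificate twice to get one rsaEncryption and one rsaesOaep entry like the printout.

```shell
#!/bin/sh
# Added example, not code from the thread: names, subject and plaintext are constructed.
set -e

# One keyEncryptionAlgorithm name per RecipientInfo, in message order.
kek_algorithms() {
    openssl cms -cmsout -print -noout -inform PEM -in "$1" |
        awk '/keyEncryptionAlgorithm:/ {want=1; next}
             want && /algorithm:/ {print $2; want=0}'
}

# Succeeds only if the message has recipients and every one uses RSAES-OAEP.
only_oaep() {
    algs=$(kek_algorithms "$1")
    [ -n "$algs" ] || return 1
    for a in $algs; do
        [ "$a" = "rsaesOaep" ] || return 1
    done
}

WORK=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/key.pem" \
    -out "$WORK/cert.pem" -subj "/O=Example/CN=constructed recipient" 2>/dev/null
printf 'constructed plaintext\n' > "$WORK/plain"

# -keyopt applies to the -recip that precedes it.
openssl cms -encrypt -aes256 -in "$WORK/plain" -out "$WORK/oaep.pem" -outform PEM \
    -recip "$WORK/cert.pem" -keyopt rsa_padding_mode:oaep -keyopt rsa_oaep_md:sha256

# Same certificate twice, OAEP requested for the second entry only:
# the first RecipientInfo keeps the default padding (rsaEncryption).
openssl cms -encrypt -aes256 -in "$WORK/plain" -out "$WORK/mixed.pem" -outform PEM \
    -recip "$WORK/cert.pem" \
    -recip "$WORK/cert.pem" -keyopt rsa_padding_mode:oaep -keyopt rsa_oaep_md:sha256

for f in oaep mixed; do
    if only_oaep "$WORK/$f.pem"; then verdict="OAEP only"; else verdict="REJECT"; fi
    echo "$f: $(echo $(kek_algorithms "$WORK/$f.pem")) -> $verdict"
done
```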