WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Hi everyone,

We are currently trying to verify an OCSP response.
The return is "Response verify OK", but we need to verify the signature
algorithm of the response signature.
We tried putting the response into a DER and parsing it, but still no
information about the signature.
There are signature algorithms printed, but those are the ones of the
certificates. Or am I wrong?

Is there a way to only print the signature of the response?

I've added the response for further information.
Any help would be appreciated!

S999D003:/tmp/ocsp # openssl ocsp -respin response-2.der -text
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = DE, O = D-Trust GmbH, CN = D-TRUST OCSP-03 2008:PN
Produced At: Mar 12 09:58:31 2010 GMT
Responses:
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: A611B199CA6EE1B1B8599953CBF428F8F8C94641
  Issuer Key Hash: F9CBC2D42788A9A1B050625E4DD2547D74731EBE
  Serial Number: 094D36
Cert Status: good
This Update: Mar 12 09:58:31 2010 GMT
Response Single Extensions:
1.3.36.8.3.12:
..20090715143639Z
1.3.36.8.3.13:
0!0...+...'.}O.L.j}..T.

Response Extensions:
OCSP Nonce:
0410F987B6A59DB4116D1F60F436790C8C73
OCSP Archive Cutoff:
Mar 21 00:00:00 1975 GMT
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 515214 (0x7dc8e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Qualified Root CA 1 2008:PN
Validity
Not Before: Jul 25 08:25:06 2008 GMT
Not After : Jul 24 08:25:06 2013 GMT
Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST OCSP-03 2008:PN
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:f9:ee:d4:f3:19:42:22:88:7b:cc:d4:9d:63:5b:
4b:7d:ed:ad:76:18:2d:90:76:d4:d3:46:b1:7a:fc:
[...]47:83:7a:39:40:7c:dd:45:92:a3:d8:3d:e4:4c:62:
c3:bd
Exponent: 3017650581 (0xb3ddb195)
X509v3 extensions:
X509v3 Extended Key Usage:
OCSP Signing
X509v3 Authority Key Identifier:

keyid:67:E0:65:56:FC:7D:25:37:C5:BF:ED:78:88:2A:F0:FA:F2:47:C0:3A

qcStatements:
0.0..F..0..F.
Authority Information Access:
OCSP - URI:http://qual.ocsp.d-trust.net

X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4788.2.31.1

X509v3 CRL Distribution Points:

URI:ldap://directory.d-trust.net/CN=D-TRUST%20Qualified%20Root%20CA%201%202008%3APN,O=D-Trust%20GmbH,C=DE?certificaterevocationlist

URI:http://www.d-trust.net/crl/d-trust_qualified_root_ca_1_2008.crl

X509v3 Issuer Alternative Name:
email:i...@d-trust.net, URI:http://www.d-trust.net
X509v3 Subject Key Identifier:
69:6E:2D:C0:AC:21:5E:52:4F:04:B2:57:B9:A8:93:18:D9:4B:F3:42
X509v3 Key Usage: critical
Non Repudiation
Signature Algorithm: sha256WithRSAEncryption
08:15:99:7a:60:45:35:c0:48:78:b2:e8:cd:fe:c8:2d:ad:3d:
[...]
44:b6:ea:3d:75:cb:40:5a:c4:e3:31:3b:69:14:77:e1:01:59:
3c:a8:56:27
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIDB9yOMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAkRF
[...]
SycN3OakJ+QSiYCOOlQOY5TC+Ns5r/I9UzgGRzUqSr5Ho1kkI9h3Z0fnCjLlHwC5
+f/EUYHDfsXGTLQT1L1xEcSOUMJqV3c2RLbqPXXLQFrE4zE7aRR34QFZPKhWJw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 515120 (0x7dc30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Qualified Root CA 1 2008:PN
Validity
Not Before: Jul 24 16:36:17 2008 GMT
Not After : Jul 24 16:36:17 2013 GMT
Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Qualified Root CA 1 2008:PN
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a6:87:ed:90:a5:73:91:95:c2:19:37:b5:29:c4:
a4:5f:9d:0b:29:90:28:a7:07:7e:3f:62:49:b6:25:
2f:59:db:33:2d:25:d6:d7:a1:ff:87:08:f0:b5:04:
dd:45:ca:25:a5:e3:29:8c:48:8d:06:79:a7:26:9f:
c8:20:2d:09:de:bc:84:94:6d:23:8a:8a:98:1a:a9:
9e:5e:de:8e:f7:ca:b5:92:dc:0a:59:ef:03:e6:b4:
9c:83:9f:8a:b5:0e:e5:2c:2a:d5:c7:60:fa:00:ae:
41:db:76:e8:8b:bd:b1:16:06:37:85:d3:50:6d:6c:
56:af:42:6d:19:28:25:8a:a7:c5:de:e1:0b:b3:32:

RE: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Sure! Here are the request and response files.

Kind regards
Michel Pittelkow


> Hi everyone,
>
> We are currently trying to verify an OCSP response.
> The return is "Response verify OK", but we need to verify the signature
> algorithm of the response signature.
> We tried putting the response into a DER and parsing it, but still no
> information about the signature.
> There are signature algorithms printed, but those are the ones of the
> certificates. Or am I wrong?
>
> Is there a way to only print the signature of the response?
>

It should print the signature algorithm and signature just before the
certificates. See the OCSP_RESPONSE_print() function in ocsp_prn.c. Are you
using an old version of OpenSSL?


> I've added the response for further information.
> Any help would be appreciated!
>

It would be more useful if you'd attached the DER response, i.e. response-2.der;
can you send that?

> S999D003:/tmp/ocsp # openssl ocsp -respin response-2.der -text
[snip]

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org



+----------------------------------------------------------------------+
| - michael-wessel.de Secure E-Mail Status -                           |
+----------------------------------------------------------------------+
| - The message was neither encrypted nor digitally signed             |
+----------------------------------------------------------------------+





Attachments: request-2.der, response-2.der


AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
I forgot to write which versions are used.
For the client we are using 0.9.8L, but we also tested with M.
We are not sure about the responders, but we are trying to find out.

Kind regards
Michel Pittelkow

> Hi everyone,
>
> We are currently trying to verify an OCSP response.
> The return is "Response verify OK", but we need to verify the signature
> algorithm of the response signature.
> We tried putting the response into a DER and parsing it, but still no
> information about the signature.
> There are signature algorithms printed, but those are the ones of the
> certificates. Or am I wrong?
>
> Is there a way to only print the signature of the response?
>
>
> It should print the signature algorithm and signature just before the
> certificates. See the OCSP_RESPONSE_print() function in ocsp_prn.c. Are you
> using an old version of OpenSSL?
>
>
> I've added the response for further information.
> Any help would be appreciated!
>
>
> It would be more useful if you'd attached the DER response, i.e. response-2.der;
> can you send that?
>
> S999D003:/tmp/ocsp # openssl ocsp -respin response-2.der -text
> [snip]
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org










AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Ah! That's exactly the point where I tried to edit the code and recompile it.
But every time I tried to, I got an error in make complaining about
[link_app.] and a false call of 'main' in _start...

Can I just replace the file and recompile OpenSSL? Or do I have to edit
something in any type of data?

Sorry. I am not that into C though :-(

Kind regards
Michel Pittelkow

> I forgot to write which versions are used.
> For the client we are using 0.9.8L, but we also tested with M.
> We are not sure about the responders, but we are trying to find out.
>

Oops, there was a bug in the print routine which meant the signature and
signature algorithm were never printed out. I've just fixed it here:

http://cvs.openssl.org/chngview?cn=19434

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org








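The thread's underlying need is to check which algorithm signed the response itself, and the print routine in the 0.9.8 builds discussed above dropped exactly that field. As an added example (not from the thread and not OpenSSL code), the following reads BasicOCSPResponse.signatureAlgorithm straight out of the OCSPResponse DER with a small stdlib-only parser and applies an allow-list; the `der()` encoder and `sample_response()` are constructed here for illustration only, not captured from the responder.

```python
ID_PKIX_OCSP_BASIC = "1.3.6.1.5.5.7.48.1.1"                      # responseType for BasicOCSPResponse
SIGALG_NAMES = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption", "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
                "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def children(buf):
    """Split a DER constructed value into its (tag, value) children (single-byte tags)."""
    out, pos = [], 0
    while pos < len(buf):
        tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
        if ln & 0x80:                                  # long-form length
            n, pos = ln & 0x7F, pos + (ln & 0x7F)
            ln = int.from_bytes(buf[pos - n:pos], "big")
        out.append((tag, buf[pos:pos + ln]))
        pos += ln
    return out

def decode_oid(raw):                                   # DER OBJECT IDENTIFIER contents -> dotted form
    arcs, cur = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur); cur = 0
    return ".".join(map(str, arcs))

def response_sigalg(ocsp_der):
    """Return the dotted OID of BasicOCSPResponse.signatureAlgorithm (RFC 2560 layout)."""
    status, resp_bytes = children(children(ocsp_der)[0][1])   # OCSPResponse ::= SEQUENCE
    if status[1] != b"\x00": raise ValueError("responseStatus is not successful(0)")
    rtype, resp = children(children(resp_bytes[1])[0][1])     # [0] EXPLICIT ResponseBytes
    if decode_oid(rtype[1]) != ID_PKIX_OCSP_BASIC: raise ValueError("not id-pkix-ocsp-basic")
    basic = children(children(resp[1])[0][1])   # tbsResponseData, signatureAlgorithm, signature, [certs]
    return decode_oid(children(basic[1][1])[0][1])

def check_sigalg(ocsp_der, allowed=("sha256WithRSAEncryption", "ecdsa-with-SHA256")):
    """Policy check: the responder's signing algorithm must be on the allow-list."""
    name = SIGALG_NAMES.get(response_sigalg(ocsp_der), "unknown")
    if name not in allowed:
        raise ValueError("responder signed with disallowed algorithm: " + name)
    return name

def der(tag, body):                                    # constructed sample input only (len < 256)
    return (bytes([tag, len(body)]) if len(body) < 0x80 else bytes([tag, 0x81, len(body)])) + body

def sample_response(sigalg_oid_der):                   # constructed, skeletal OCSPResponse
    alg = der(0x30, der(0x06, sigalg_oid_der) + der(0x05, b""))          # AlgorithmIdentifier
    basic = der(0x30, der(0x30, b"") + alg + der(0x03, b"\x00" + b"\xAA" * 8))  # empty tbs, dummy sig
    rb = der(0x30, der(0x06, bytes.fromhex("2b0601050507300101")) + der(0x04, basic))
    return der(0x30, der(0x0A, b"\x00") + der(0xA0, rb))
```

On a real response-2.der, `check_sigalg(open("response-2.der", "rb").read())` runs the same walk; it inspects only the algorithm identifier and does not replace `openssl ocsp -verify_other`/`-VAfile` signature verification.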


AW: WG: OCSP response signature verification

2010-03-12 Thread Michel Pittelkow - michael-wessel . de
Done that. It now seems to work! Thank you :)

S999D003:/home/ah/test # ./openssl ocsp -respin response-2.der -text
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = DE, O = D-Trust GmbH, CN = D-TRUST OCSP-03 2008:PN
Produced At: Mar 12 09:58:31 2010 GMT
Responses:
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: A611B199CA6EE1B1B8599953CBF428F8F8C94641
  Issuer Key Hash: F9CBC2D42788A9A1B050625E4DD2547D74731EBE
  Serial Number: 094D36
Cert Status: good
This Update: Mar 12 09:58:31 2010 GMT
Response Single Extensions:
1.3.36.8.3.12:
..20090715143639Z
1.3.36.8.3.13:
0!0...+...'.}O.L.j}..T.
Response Extensions:
OCSP Nonce:
0410F987B6A59DB4116D1F60F436790C8C73
OCSP Archive Cutoff:
Mar 21 00:00:00 1975 GMT
Signature Algorithm: sha256WithRSAEncryption
c0:71:91:0c:47:da:92:47:4a:03:a7:4f:2b:1f:fb:96:aa:a3:
ce:e0:c1:23:bb:e1:39:48:4e:68:28:db:99:79:83:12:bf:48:
66:63:4b:fc:c3:39:c0:87:ef:26:2c:53:6b:54:dd:f9:1e:17:
66:ff:d9:9f:6e:7d:31:65:90:7c:5c:b5:fa:31:42:44:96:4b:
1d:c7:4d:4f:6a:57:93:2e:c6:72:6f:da:47:f7:33:58:f4:ed:
51:fc:e7:24:19:dc:23:2e:12:b4:b2:1d:76:14:7c:56:ac:0e:
81:b8:b8:ef:a2:5f:5d:11:a9:cd:a8:19:31:2e:35:5a:b4:bc:
87:4b:66:c8:7a:a1:1f:6e:6b:1b:2b:85:5c:3a:34:cb:e4:c2:
68:58:27:70:d5:99:fd:92:3c:0d:08:2d:05:93:80:ef:be:42:
0a:d1:81:82:8f:06:51:ef:15:9c:19:38:63:d9:73:0f:c3:c5:
13:26:ca:eb:b2:76:7b:32:20:df:99:c1:50:13:f5:76:5c:44:
f2:91:0d:42:4f:46:57:8a:f7:f1:6f:a2:21:dd:b5:8b:84:96:
d2:de:25:df:d2:4b:f4:e1:dd:9e:31:48:21:95:08:0e:67:6f:
49:e1:ab:77:11:cf:61:dc:ae:d3:38:a3:fb:54:36:70:bc:1a:
56:47:22:fe
Certificate:
Data:

Kind regards
Michel Pittelkow

> Ah! That's exactly the point where I tried to edit the code and recompile
> it. But every time I tried to, I got an error in make complaining about
> [link_app.] and a false call of 'main' in _start...
>
> Can I just replace the file and recompile OpenSSL? Or do I have to edit
> something in any type of data?
>
> Sorry. I am not that into C though :-(
>

If you've compiled OpenSSL already you should just make the change and type
make and it should rebuild it OK.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org







