RSA_Verify error:04077064:rsa routines:RSA_verify:algorithm mismatch

2011-09-16 Thread brajan

Hi, can anyone tell me what I am doing wrong in this code?

I sign the message using Java, IBMFIPS compliant. The code to sign the message
is:

// Signs the hash of each chunk and adds it to the Message Header
// data is 256Kb length
// Get private key function is created by me to read the DER key formatted file
GetPrivateKey privkey = new GetPrivateKey();
Signature genSign = Signature.getInstance("SHA1withRSA", "IBMJCEFIPS");
genSign.initSign(privkey.get());
genSign.update(data.getBytes());
byte[] byteSignedData = genSign.sign();

Get Private Key function code:

File privateKeyFile = new File(Certificates + File.separator + "mykey.der");
byte[] encodedKey = new byte[(int)privateKeyFile.length()];
new FileInputStream(privateKeyFile).read(encodedKey);
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedKey);
KeyFactory kf = KeyFactory.getInstance("RSA", "IBMJCEFIPS");
RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey)
    .generatePrivate(privateKeySpec);
return privatekey;

I am verifying this signature using openssl 0.9.8g, RSA_Verify() function.
-- 
View this message in context: 
http://old.nabble.com/RSA_Verify-error%3A04077064%3Arsa-routines%3ARSA_verify%3Aalgorithm-mismatch-tp32478403p32478403.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: RSA_Verify error:04077064:rsa routines:RSA_verify:algorithm mismatch

2011-09-16 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of brajan
> Sent: Friday, 16 September, 2011 08:07

> I sign the Message using Java IBMFIPS compliant [provider]
> the code to sign the message is

(wrapping mostly fixed)

> GetPrivateKey privkey = new GetPrivateKey();
> Signature genSign = Signature.getInstance("SHA1withRSA", "IBMJCEFIPS");
> genSign.initSign(privkey.get());
> genSign.update(data.getBytes());
> byte[] byteSignedData = genSign.sign();
>
> Get Private Key function code
>
> File privateKeyFile = new File(Certificates + File.separator + "mykey.der");
> byte[] encodedKey = new byte[(int)privateKeyFile.length()];
> new FileInputStream(privateKeyFile).read(encodedKey);

This can leak the file open (descriptor). No problem for a 
run-and-done utility, but may be for a long-running server 
depending on when and how this gets garbage-collected.

Also, using FIPS crypto but having privatekey in a clear file 
doesn't really make security sense, but that's your concern.
Perhaps this is only a test environment.

> PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedKey);
> KeyFactory kf = KeyFactory.getInstance("RSA", "IBMJCEFIPS");
> RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey)
> .generatePrivate(privateKeySpec);

Obviously that should be kf.generatePrivate

> return privatekey;
>
> I am verifying this signature using openssl 0.9.8g,
> RSA_Verify() function.

0.9.8g is four years old. I don't recall (and won't 
search through to see) if any of the things fixed 
since then would affect this basic lowlevel usage;
it's less likely than other areas but not impossible.

I don't have that IBM provider, but using the Sun provider 
it works for me; you are verifying as NID_sha1 right?

Maybe the IBM provider is encoding the algid wrong or oddly.
To check, get that (raw) signature in a file and the key 
(at least the publickey) in a format OpenSSL likes, then 
rsautl -verify (which does only the RSA_public_decrypt step) 
and asn1parse the result. Since you apparently don't mind 
having the privatekey clear, 'traditional' PEM is easy:
  openssl pkcs8 <pkcs8derfile -inform der -nocrypt >rsapemfile
  openssl rsautl -verify -in sigfile -inkey rsapemfile >temp
  openssl asn1parse <temp -inform der
See if the OBJECT (algorithm OID) is :sha1.
If not, but it is an OID known to openssl, just use its NID 
(assuming it is at least consistent across all signatures).
If it's not known (e.g. nonstandard), it appears to me 
adding it dynamically with OBJ_create should work, but 
that's a little more complicated (and I haven't tested).
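
The check described in the reply above, as an added Python example that is not code from either poster or from OpenSSL: it decodes the DigestInfo that the rsautl -verify step recovers (the `temp` file) and reports the hash OID, whether the parameters are NULL or absent, and whether it is the sha1 that a verifier called with NID_sha1 expects. The function names and the sample DigestInfo values are constructed for this illustration.

```python
import hashlib

# Hash OIDs (DER content bytes) -> (name, digest length in bytes)
KNOWN = {
    bytes.fromhex("2b0e03021a"): ("sha1", 20),
    bytes.fromhex("608648016503040201"): ("sha256", 32),
    bytes.fromhex("2a864886f70d0205"): ("md5", 16),
}

def read_tlv(buf, pos, tag):
    """Read one short-form DER TLV with the given tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length, too large for a DigestInfo")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return buf[pos + 2:end], end

def inspect_digestinfo(der, expected="sha1"):
    """Return (algorithm, parameters, digest, matches_expected)."""
    body, end = read_tlv(der, 0, 0x30)          # DigestInfo SEQUENCE
    algid, pos = read_tlv(body, 0, 0x30)        # AlgorithmIdentifier SEQUENCE
    digest, pos = read_tlv(body, pos, 0x04)     # OCTET STRING holding the hash
    if end != len(der) or pos != len(body):
        raise ValueError("trailing bytes after DigestInfo")
    oid, pos = read_tlv(algid, 0, 0x06)         # algorithm OBJECT IDENTIFIER
    rest = algid[pos:]
    params = "absent" if not rest else "NULL" if rest == b"\x05\x00" else "other"
    name, size = KNOWN.get(oid, ("unknown:" + oid.hex(), None))
    if size is not None and len(digest) != size:
        raise ValueError(f"{name} digest must be {size} bytes, got {len(digest)}")
    return name, params, digest, name == expected

def sample_digestinfo(msg, hash_name="sha1", null_params=True):
    """Build a constructed DigestInfo for demonstration (not captured data)."""
    oid = next(k for k, v in KNOWN.items() if v[0] == hash_name)
    algid = bytes([0x06, len(oid)]) + oid + (b"\x05\x00" if null_params else b"")
    digest = hashlib.new(hash_name, msg).digest()
    body = bytes([0x30, len(algid)]) + algid + bytes([0x04, len(digest)]) + digest
    return bytes([0x30, len(body)]) + body

if __name__ == "__main__":
    for args in (("sha1", True), ("sha1", False), ("sha256", True)):
        name, params, digest, ok = inspect_digestinfo(sample_digestinfo(b"constructed sample", *args))
        print(f"{name:7} params={params:6} matches sha1: {ok}  digest={digest.hex()}")
```

To run it on real output, pass the bytes of `temp` to `inspect_digestinfo` in place of the constructed samples.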


