Re: Verify with RSA Public Key Fails

2010-03-01 Thread Dr. Stephen Henson
On Mon, Mar 01, 2010, Paul Suhler wrote:

> Does anyone else have any speculation on why I'm failing the padding
> check?  I'm definitely using the public exponent and public modulus from
> the CAVP sample request file.  After conversion to BIGNUMs, the bytes in
> the d, top, and dmax fields of each BIGNUM seem to be correct.
>  
> I don't see anything else in the EVP_Verify*() APIs that is needed to
> specify the algorithm to be used -- just specify the hash algorithm
> and provide the RSA key (inside an EVP_PKEY).
>  

CAVP as in one of the FIPS 140-2 validation algorithm tests? If so there is
some code already that parses the tests and passed validation in OpenSSL
0.9.8.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: Verify with RSA Public Key Fails

2010-03-01 Thread Paul Suhler
Does anyone else have any speculation on why I'm failing the padding
check?  I'm definitely using the public exponent and public modulus from
the CAVP sample request file.  After conversion to BIGNUMs, the bytes in
the d, top, and dmax fields of each BIGNUM seem to be correct.
 
I don't see anything else in the EVP_Verify*() APIs that is needed to
specify the algorithm to be used -- just specify the hash algorithm
and provide the RSA key (inside an EVP_PKEY).
 
Thanks,
 
Paul 



Re: Verify with RSA Public Key Fails

2010-02-27 Thread Dr. Stephen Henson
On Sat, Feb 27, 2010, Paul Suhler wrote:

> Hi, Mounir.
> 
> I misspoke.  The value of the public exponent is in fact 3.
> 
> Any idea what is the purpose of the padding check or why it should fail?
> 

Most likely cause is that the verification failed, for example the key not
correctly set or the signature corrupted.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
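
An added illustration, not part of any poster's message and not OpenSSL code: it mirrors what the RSA_public_decrypt() / RSA_padding_check_PKCS1_type_1() step in the call stack does, and shows why a wrong key or a damaged signature surfaces as a padding failure rather than as a digest mismatch. The toy key (built from two published primes), the choice of SHA-256, the sample message and all function names are assumptions made for the example.

```python
import hashlib

# Constructed toy key, NOT the key from the thread: two published primes,
# so the private exponent is public knowledge. e = 3 as in Paul's test case.
P = 2**448 - 2**224 - 1                        # Ed448 field prime
Q = 2**384 - 2**128 - 2**96 + 2**32 - 1        # NIST P-384 field prime
N, E = P * Q, 3
D = pow(E, -1, (P - 1) * (Q - 1))              # needs Python 3.8+
# DER DigestInfo header for SHA-256 (the hash choice is an assumption).
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def digest_info(message):
    return PREFIX + hashlib.sha256(message).digest()

def sign(message, n=N, d=D):
    """Build 00 01 FF..FF 00 DigestInfo and apply the private exponent."""
    k = (n.bit_length() + 7) // 8
    t = digest_info(message)
    block = b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(k, "big")

def check_type1(block):
    """Type-1 padding check: return the payload after the padding, or None."""
    if block[:2] != b"\x00\x01":
        return None
    sep = block.find(b"\x00", 2)               # first 00 after the block type
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        return None                            # fewer than 8 pad bytes, or not all FF
    return block[sep + 1:]

def verify(message, signature, n=N, e=E):
    """Return 'ok', 'bad length', 'bad padding' or 'bad digest'."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return "bad length"
    payload = check_type1(pow(s, e, n).to_bytes(k, "big"))   # s^e mod n
    if payload is None:
        return "bad padding"                   # wrong key or damaged signature
    # Compare the complete DigestInfo; trailing bytes are not tolerated.
    return "ok" if payload == digest_info(message) else "bad digest"

MESSAGE = b"constructed sample message"
SIGNATURE = sign(MESSAGE)
DAMAGED = SIGNATURE[:-1] + bytes([SIGNATURE[-1] ^ 0x01])   # one flipped bit

if __name__ == "__main__":
    print("right key:      ", verify(MESSAGE, SIGNATURE))
    print("wrong exponent: ", verify(MESSAGE, SIGNATURE, e=65537))
    print("damaged sig:    ", verify(MESSAGE, DAMAGED))
    print("other message:  ", verify(b"another message", SIGNATURE))
```

Only a signature made with the matching private key turns back into a block that starts 00 01 FF..FF 00, so the padding check fails before the digest is ever compared when the key or the signature bytes are wrong.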


RE: Verify with RSA Public Key Fails

2010-02-27 Thread Paul Suhler
Hi, Mounir.

I misspoke.  The value of the public exponent is in fact 3.

Any idea what is the purpose of the padding check or why it should fail?

Thanks,

Paul


Re: Verify with RSA Public Key Fails

2010-02-27 Thread Mounir IDRASSI

Hi Paul,

You say that the exponent is 1024 bits long. This means you are using the
private exponent because usually the public exponent is much smaller:
typically the public exponent is 3 or 65537.
So in order to construct your RSA public key, replace the value of the
private exponent you are using with the value of the corresponding public
exponent.
If my guess is correct, then you should be able to verify the signature
correctly.


Cheers,

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



Verify with RSA Public Key Fails

2010-02-26 Thread Paul Suhler
Hi, everyone.

In OpenSSL 0.9.8i, I'm trying to take an RSA public exponent and public
modulus, assemble them into an RSA key, and use that to verify a
signature for a message.  However, EVP_VerifyFinal() always fails,
apparently because of the wrong use of padding.

My code:

   RSA *      RsaKeyPtr = RSA_new();
   EVP_PKEY * EvpKeyPtr = EVP_PKEY_new();

   RsaKeyPtr->n = BN_bin2bn(ModulusPtr, ModulusLength, NULL);  // Public modulus n
   RsaKeyPtr->e = BN_bin2bn(Exponent, sizeof(Exponent), NULL); // Public key exponent e
   EvpKeyPtr->type = EVP_PKEY_RSA;
   if(EVP_PKEY_assign_RSA(EvpKeyPtr, RsaKeyPtr))
   {
      EVP_MD_CTX_init(&MDContext);
      if(EVP_VerifyInit_ex(&MDContext, EvpMdPtr, NULL))
      {
         if(EVP_VerifyUpdate(&MDContext, MessagePtr, MessageLength))
         {
            if(EVP_VerifyFinal(&MDContext, SignaturePtr,
                               SignatureLength, EvpKeyPtr))
            {
               ...

The call stack looks like:

RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
...
RSA_eay_public_decrypt()
RSA_padding_check_PKCS1_type_1()

and that last function fails.

Am I assembling the RSA key incorrectly?

The modulus and exponent are each 1024 bits long and the message and
signature are each 128 bytes long.

Thanks very much,

Paul
___
Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office:
949.856.7748 | paul.suh...@quantum.com 

--
The information contained in this transmission may be confidential. Any 
disclosure, copying, or further distribution of confidential information is not 
permitted unless such privilege is explicitly granted in writing by Quantum. 
Quantum reserves the right to have electronic communications, including email 
and attachments, sent across its networks filtered through anti virus and spam 
software programs and retain such messages in order to comply with applicable 
data security and retention requirements. Quantum is not responsible for the 
proper and complete transmission of the substance of this communication or for 
any delay in its receipt.