Re: openssl RSA_sign() and Java verify how
I'd suggest as a next step to see if you're using the same public key for both the Java and openssl verify. After that, the next step would be, in Java, to do a raw public key operation and examine the result. That will tell you whether it's the public key, the padding, the OID, or the hash that has the problem. -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415) From: R Redpath/Raleigh/IBM@IBMUS To: openssl-users@openssl.org, Date: 10/30/2012 04:59 PM Subject:openssl RSA_sign() and Java verify how Sent by:owner-openssl-us...@openssl.org I am using openssl to create a signature for a file contents and use openssl to verify the contents using the signature file. The public key is from an x509 cert. All works great. I need to verify a file contents using Java. So I have written a sample Java application and it returns false and should return true. I use the same artifacts as I did for the openssl. I think the saved binary file of the signature may need some conversion for Java but thats my guess? The computed SHA1 for the message digest by openssl and by Java are the same. So thats a good start. The Java Application is enclosed below. Basically 1 open the x509 and extract the public key. 2 read the contents of the file and make a SHA1 message digest 3 read the binary signature file 4 check signature against message digest using public key.
RE: openssl RSA_sign() and Java verify how
From: owner-openssl-us...@openssl.org On Behalf Of redpath Sent: Tuesday, 30 October, 2012 16:56 I am using openssl to create a signature for a file contents and use openssl to verify the contents using the signature file. The public key is from an x509 cert. All works great. Specifically, a SHA1-with-RSA PKCS#1 signature; there are many other public-key signature schemes, many of which OpenSSL and/or Java (by default) support. I need to verify a file contents using Java. So I have written a sample Java application and it returns false and should return true. I use the same artifacts as I did for the openssl. I think the saved binary file of the signature may need some conversion for Java but thats my guess? Nope. A C binary file, as you correctly did (with fopen wb), and a Java File{Input,Output}Stream are compatible, at least on all platforms supported by standard Sun^WOracle Java. You're double-hashing. The lower-level RSA_{sign,verify} in OpenSSL takes a hash and directly signs/verifies it using the standard {AlgId,OCTETSTRING} format and PKCS#1 padding. If you instead used the high-level EVP_{Sign,Verify}* those take the _data_, _do_ the hash, and sign/verify the hash. Java with the Suncle standard providers does only the latter. The signature algorithm name you used, SHA1WithRSA, says this; it does SHA1 *and* RSA sign/verify. Feed sig.update the actual data (in chunks if necessary), not a hash. There may be other options using non-standard providers, and for that matter using your own code. If you really want, you can take the public key (e,n), do the raw-RSA public decrypt (Java has BigInteger with modPow standard), unpad (checking valid), extract the hash (with checking AlgId), and compare. snip rest __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
openssl RSA_sign() and Java verify how
I am using openssl to create a signature for a file contents and use openssl to verify the contents using the signature file. The public key is from an x509 cert. All works great. I need to verify a file contents using Java. So I have written a sample Java application and it returns false and should return true. I use the same artifacts as I did for the openssl. I think the saved binary file of the signature may need some conversion for Java but thats my guess? The computed SHA1 for the message digest by openssl and by Java are the same. So thats a good start. The Java Application is enclosed below. Basically 1 open the x509 and extract the public key. 2 read the contents of the file and make a SHA1 message digest 3 read the binary signature file 4 check signature against message digest using public key. I searched the forum and have not really found anything definitive for this. I use int rc= RSA_sign(NID_sha1, md, 20, sigret, siglen, rsapriv); /** * Write out Digital Signature File ***/ fp = fopen(signature.rsasigned,wb); fwrite(sigret, 1, siglen, fp); fclose(fp) to create the signature file. /* This will read the X509 certificate RSApublic.x509.1 created by the openssl commands and print out information about it. javac sample.java java sample */ import java.util.Date; import java.io.*; import java.security.cert.X509Certificate; import java.security.*; import java.security.cert.*; public class sample { public static PublicKey x509GetPublic(String filename){ try{ File f = new File(filename); FileInputStream fis = new FileInputStream(f); BufferedInputStream ksbufin = new BufferedInputStream(fis); X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance(X.509).generateCertificate(ksbufin); if (certificate!= null){ System.out.println(yes we can open it \n); } Principal p= certificate.getIssuerDN(); System.out.println(DN: +p.getName()+\n); Date d= certificate.getNotAfter(); if (d!=null) System.out.println(got Not After Date \n+d.toString()); PublicKey pubkey= certificate.getPublicKey(); if (pubkey!=null) System.out.println(\n got public key \n); System.out.println(public key format is +pubkey.getFormat()); return pubkey; }catch (Exception e){ e.printStackTrace(); } return null; } public static byte[] SHA1(String filename)throws Exception { MessageDigest md = MessageDigest.getInstance(SHA-1); FileInputStream fis = new FileInputStream(filename); byte[] dataBytes = new byte[1024]; int nread = 0; while ((nread = fis.read(dataBytes)) != -1) { md.update(dataBytes, 0, nread); }; byte[] mdbytes = md.digest(); System.out.println(SHA1 Length is +mdbytes.length); return mdbytes; } static void hexout(byte[] mdbytes){ StringBuffer sb = new StringBuffer(); for (int i = 0; i mdbytes.length; i++) { sb.append(Integer.toString((mdbytes[i] 0xff) + 0x100, 16).substring(1)); } System.out.println(Hex format : + sb.toString()); } / The signature algorithm with SHA-* and the RSA encryption algorithm as defined in the OSI Interoperability Workshop, using the padding conventions described in PKCS #1. SHA1withRSA SHA256withRSA SHA384withRSA SHA512withRSA The ECDSA signature algorithms as defined in ANSI X9.62. Note:ECDSA is an ambiguous name for the SHA1withECDSA algorithm and should not be used. The formal name SHA1withECDSA should be used instead. NONEwithECDSA SHA1withECDSA SHA256withECDSA SHA384withECDSA SHA512withECDSA */ static public void checkSignature(PublicKey pubkey, byte[] mdbytes, byte[] sigToVerify){ try{ // Signature sig = Signature.getInstance(SHA256withRSA); //, SUN); Signature sig = Signature.getInstance(SHA1withRSA); //,SUN); sig.initVerify(pubkey); sig.update(mdbytes, 0, mdbytes.length); boolean verifies = sig.verify(sigToVerify); System.out.println(signature verifies: + verifies); }catch (Exception e){ e.printStackTrace(); } } /** * @param args */ public static void main(final String[] args) { System.out.println(hello\n); try{ /** * Get public key from X509 cert **/ PublicKey pubkey=x509GetPublic(RSApublic.x509.1); /** * Make MessageDigest from file contents **/ byte[] mdbytes=SHA1(landscape.steg.jpg);