What format signature does Openssl pkeyutl expect?

I am trying to verify a file that has been signed by hashing with SHA-1 and encrypting the hash with an RSA private key.

Obviously I am using the RSA public key for verification. The key is in DER format.

Signature verification works correctly using the Java Signature class.

The openssl command I'm trying with (and the result):

       ~/Downloads/openssl-1.0.0-beta3/apps/openssl pkeyutl -in encryptedZip.bin 
-keyform DER -verify -sigfile savedDigitalSignature.txt -pubin -inkey public.der
    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
    Signature Verification Failure

      

I don't see anything in the openssl config file to be applied, so I don't think it matters.

SavedDigitalSignature.txt contains the signature bytes.

My theory is that openssl is looking for a digital signature in some particular file format, but I didn't find anything in the documentation indicating what it should be.

Thoughts?

+2


source to share


3 answers


This command is very low. You have to make sure everything is in the correct format to work,



  • The input signature (-sigfile) must be a binary signature. For RSA, padding must be PKCS # 1.
  • The input data must be a binary digest. If you sign it with SHA1, this file can only contain 20 bytes.
  • The public key must be in X.509 encoded SubjectPublicKeyInfo in DER or PEM format.
+2


source


I haven't used OpenSSL-1.0.0-beta3 yet, so I'm not familiar with pkeyutl

, but the command dgst

also generates and validates digital signatures and expects the signatures to be on par, a completely unadorned binary.



For example, an RSA signature expects a binary blob representing one BigNum. Looking at the maual page for pkeyutl, it seems likely that it works the same way. An easy test would be to use pkeyutl to sign something and check the output (if the bit size is the same as the RSA key length, it's a simple BigNum - if it's larger, try using dumpasn1 to see if it's in DER format).

0


source


Java expects RSA signature to follow PKCS # 1: digest and digest algorithm sequence and then signed (encrypted with RSA secret key).

It is possible that pkeyutl

only the digest is expected and not the ASN.1 structure, but that would be a surprising disregard for interoperability. In any case, once the data is "signed", the "signature" output will look like & hellip; just a random string of octets.

Please send the generated signature sample pkeyutl

along with the public key that will verify it and the file that will be verified.

0


source







All Articles