Hello,
The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding for signature operations.
PKCS#1v1.5 is rewritten in RFC2313.
Using the command line tool, you can reproduce this:
echo -n "Mary had a little lamb." > datatosign
Either one of the following can be used to sign data:
openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing
openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing
and you can display the signature either way (this will not "verify", it will only perform the RSA verify operation with PKCS#1v1.5 padding, without checking the validity or even if what has been signed is a DigestInfo structure, and output the result of the RSA operation):
openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse
openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse
or you can actually verify the thing without displaying the result of the RSA verify crypto operation:
openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1
openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign
On Wed, May 4, 2022 at 7:16 AM Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
I did the following in trying to build some validation steps to use against my own rewrite of the crypto functions in Asterisk (to use EVP-PKEY).
% echo -n "Mary had a little lamb." | openssl sha1 -binary > digest
% od -t x1 digest
0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
0000020 bd ef 57 00
0000024
% openssl rsautl -sign -inkey tests/keys/rsa_key1.key -pkcs -in digest > signing
% openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in signing > digest2
% od -t x1 digest
0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04
0000020 bd ef 57 00
0000024
And all of that looks good.
But when I take the result of calling:
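const char msg[] = "Mary had a little lamb.";
unsigned msglen = sizeof(msg) - 1;
unsigned char digest[20]; /* SHA1() and RSA_sign() take unsigned char buffers */
/* Calculate digest of message */
SHA1((const unsigned char *)msg, msglen, digest);
/* Sign the digest; res, dsig, siglen and key are declared elsewhere */
res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa);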
And write that (dsig, siglen) to a file (signing2) and then try to verify that, I get very different results:
openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in signing2 -asn1parse
0:d=0 hl=2 l= 33 cons: SEQUENCE
2:d=1 hl=2 l= 9 cons: SEQUENCE
4:d=2 hl=2 l= 5 prim: OBJECT :sha1
11:d=2 hl=2 l= 0 prim: NULL
13:d=1 hl=2 l= 20 prim: OCTET STRING
0000 - 4e 07 b8 c7 aa f2 a4 ed-4c e3 9e 76 f6 5d 2a 04 N.......L..v.]*.
0010 - bd ef 57 00 ..W.
Why is RSA_sign() wrapping the signature in ASN.1?
Or, put a different way, how do I reproduce what RSA_sign() is doing from the command line?
Is there another command that does RSA signing besides rsautl?
Thanks,
-Philip
Regards,
Erwann Abalea.
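The difference between the two signatures in this thread, as an added C example that is not part of either message and is not OpenSSL's code: it builds the PKCS#1 v1.5 type-1 block the way RSA_sign(NID_sha1, ...) pads it (DigestInfo plus digest) and the way rsautl -sign -pkcs pads it (raw input only), then runs a strict check that accepts only the DigestInfo form. The function names are hypothetical, and the 128-byte modulus is an assumption because the thread does not state the size of rsa_key1.

```c
#include <stdio.h>
#include <string.h>

/* DER header of a SHA-1 DigestInfo: SEQUENCE { SEQUENCE { OID sha1, NULL }, OCTET STRING(20) } */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
/* SHA-1 of "Mary had a little lamb.", copied from the od output in the thread */
static const unsigned char DIGEST[20] = {
    0x4e, 0x07, 0xb8, 0xc7, 0xaa, 0xf2, 0xa4, 0xed, 0x4c, 0xe3,
    0x9e, 0x76, 0xf6, 0x5d, 0x2a, 0x04, 0xbd, 0xef, 0x57, 0x00 };

/* Type-1 block: 00 01 FF..FF 00 || payload. Returns 0, or -1 if k is too small. */
int pkcs1_type1_pad(unsigned char *em, size_t k, const unsigned char *payload, size_t len)
{
    if (k < len + 11) return -1;          /* at least 8 bytes of FF are required */
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, k - len - 3);
    em[k - len - 1] = 0x00;
    memcpy(em + k - len, payload, len);
    return 0;
}

/* Block as RSA_sign(NID_sha1, ...) pads it: payload is DigestInfo header || digest. */
int encode_rsa_sign_sha1(unsigned char *em, size_t k, const unsigned char digest[20])
{
    unsigned char t[35];
    memcpy(t, SHA1_PREFIX, 15);
    memcpy(t + 15, digest, 20);
    return pkcs1_type1_pad(em, k, t, sizeof t);
}

/* Strict check: rebuild the expected block and compare all k bytes. 1 = match. */
int check_sha1_block(const unsigned char *em, size_t k, const unsigned char digest[20])
{
    unsigned char expect[512];
    if (k > sizeof expect || encode_rsa_sign_sha1(expect, k, digest) != 0) return 0;
    return memcmp(em, expect, k) == 0;
}

int main(void)
{
    unsigned char a[128], b[128];         /* 128 bytes = assumed 1024-bit modulus */
    encode_rsa_sign_sha1(a, sizeof a, DIGEST);
    pkcs1_type1_pad(b, sizeof b, DIGEST, sizeof DIGEST);   /* rsautl -sign -pkcs */
    printf("RSA_sign-style block accepted: %d\n", check_sha1_block(a, sizeof a, DIGEST));
    printf("rsautl-style block accepted:   %d\n", check_sha1_block(b, sizeof b, DIGEST));
    return 0;
}
```

Comparing the whole recovered block against a re-encoded expected block is the check that rsautl -verify and pkeyutl -verifyrecover do not perform; they only strip the padding and print what is left.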