Re: [EXTERNAL] Using openssl-rsautl for verifying signatures.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Please look at 
demos/signature/rsa_pss_direct.c

If you want to use the old PKCS1 v1.5 padding then just replace
RSA_PKCS1_PSS_PADDING with RSA_PKCS1_PADDING.

Tomas

On Thu, 2022-05-05 at 10:35 -0600, Philip Prindeville wrote:
> Bonjour.  Et milles mercis.
> 
> That was helpful.
> 
> One more question: if I want to reproduce RSA_sign() (and
> RSA_verify()) using evp_key_sign() and evp_key_verify() then I'll
> need add code to do the ASN.1 marshaling, right?  There's no
> convenience function to do that (seems like an oversight if that's
> the case)?
> 
> -Philip
> 
> 
> > On May 4, 2022, at 3:45 AM, Erwann Abalea
> > <Erwann.Abalea@xxxxxxxxxxxx> wrote:
> > 
> > Bonjour,
> > 
> > The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5
> > padding for signature operations.
> > PKCS#1v1.5 is rewritten in RFC2313.
> > 
> > Using the command line tool, you can reproduce this:
> > 
> > echo -n "Mary had a little lamb." > datatosign
> > 
> > either one of the following can be used to sign data:
> >   openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign >
> > signing
> >   openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst
> > -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing
> > 
> > and you can display the signature either way (this will not
> > "verify", it will only perform the RSA verify operation with
> > PKCS#1v1.5 padding, without checking the validity or even if what
> > has been signed is a DigestInfo structure, and output the result of
> > the RSA operation):
> >   openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in
> > signing -asn1parse
> >   openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -
> > pubin -in signing -asn1parse
> > 
> > or you can actually verify the thing without displaying the result
> > of the RSA verify crypto operation:
> >   openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in
> > <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt
> > digest:sha1
> >   openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -
> > sha1 datatosign
> > 
> 

-- 
Tomáš Mráz, OpenSSL
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux