Hi Julius Thank you for your prompt reply. I hope you can help me, I'll try to explain it better.
I need to generate a soap envelope, see a correct example attached. Example message has been provided by the service provider along with a digital certificate in pkcs#12 file 10698.p12 also attached. This is what I'm doing: First: Convert 10698.p12 to 10698.pem openssl pkcs12 -in 10698.p12 -out 10698.pem -passin file:10698.psw -nodes Then I can stuff my message with the X509Token. So far so good. Next: I create a digest of my data object #MsgBody. The input to the SHA1 digest function is the text between and including the two elements: <EdiCustomsDeclaration .....> </EdiCustomsDeclaration> see attached example. I have tried both: openssl dgst -sha1 mydata.txt > mydigest.out - and - openssl dgst -sha1 -key 10698.pem mydata.txt > mydigest.out No matter what text is input, the result is always 40 bytes long. In all examples given to me, they are always 28 bytes long. I thought at first it was because I had not used the -key 10698.pem in the first command line, but both results were the same. The next step is to sign it. The signature lengths vary so no problem there yet, but my digest should be 28 bytes not 40 bytes. I must be missing something or perhaps I need a holiday. Any suggestions, even holiday ones, would be appreciated :-) David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Julius Davies Sent: 25 February 2007 20:56 To: openssl-users@openssl.org Subject: Re: RSA-SHA1 Digest Hi, David, I don't quite understand. Are you trying sign something? If you're trying to sign something, then it looks like this (please excuse my pseudo-code!): byte[] twentyBytes = sha1( input ); byte[] signature = rsaEncrypt( privateKey, twentyBytes ); In other words, you can use RSA to encrypt the 20 byte sha1 digest. But the output of the RSA encryption is going to be larger than 20 bytes! (Unless you use a very small RSA key - 160 bits?). Using a 2048 bit RSA private key, my output was 256 bytes (2048 bits). $ openssl dgst -sha1 -sign samples/rsa/openssl_rsa_unencrypted.pem -hex README.txt SHA1(README.txt)= 9699dc843a1608b4dbfd13a8f977d7381daae6bc659ebed6f9165f4a1417e447 86c8ec5373a06f85cb0d6c2d128bf9317e69274efa741b2a6289fb576bbe0c28 9efc1de644cf10bd64b4d4a1b24e1cc5688dc22e1732bc22a37984e554dbd2ef e42a0acd4e48e1f937129d20ea8465d4c1795a705825d8292df329d60660bd93 312fd5f66e0d6745bacd02190da091c2bb78854b1761d58b5ddd793bcd687328 3c3b52c2e370199465554397d70b4a5ceaf49df597b29cc50c50b69d16aaaf6a a7598192d0912509e6458ba3e611025c708d1f6f3260ddde332326ba87385a98 d2b84115c473a1df7deea4e189956656165fcfcd6abb92f2a7ca804e612677ad yours, Julius On 2/25/07, WCR <[EMAIL PROTECTED]> wrote: > > Hi All > > I have two simple questions that perhaps someone can answer. > > 1. Does Openssl version 0.9.8e allow one to produce an SHA1 digest with > RSA? > 2. If so, can I do it from a command line or do I need to link the > libraries? > > I think an SHA1 digest with RSA returns a string of length 28 Bytes but I > get 40 Bytes when I use the command: openssl dgst -sha1 -key mykey.pem > mydata.txt > mydigest.out (I want 28 bytes) > > Can anyone help samples etc? > > TIA > David > > -- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/commons-ssl/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header><wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext";> <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary" Id="X509Token" ValueType="wsse:X509v3"> MIIC6TCCAdGgAwIBAgIRAKJBsnHLRuiGajUMvwYJh+IwDQYJKoZIhvcNAQEFBQAw ZTELMAkGA1UEBhMCSUUxHjAcBgNVBAoTFVJldmVudWUgQ29tbWlzc2lvbmVyczEg MB4GA1UECxMXUmV2ZW51ZSBPbi1MaW5lIFNlcnZpY2UxFDASBgNVBAMTC1JPUyBS U0EgQ0EyMB4XDTA2MTAyMzEyMzI1M1oXDTA4MTAyMjEyMzI1M1owTjEWMBQGA1UE AxMNQURNSU5JU1RSQVRPUjETMBEGA1UECxMKMTg1OTgxMzI5NTESMBAGA1UEChMJ S0lORyBDT05HMQswCQYDVQQGEwJJRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEA9PlKOv3ZuTmiT4XsFSPBrduB3SZzu2bJvlgOK+MSDsbc2hRmJqZuzqRFGvCm J3kFyB2Sy5QX3XzYNjsqkb8gmYr/7pjZ1WzDx5aoAj+t4XWn07VkuPi30KJUQpbe IDO2Gebh0wcakdRDILeix3KxZRmjy0ts21vf/oqCyeX8tf8CAwEAAaMvMC0wCwYD VR0PBAQDAgbAMB4GA1UdEQQXMBWBE2FueWJvZHlAYWRkcmVzcy5jb20wDQYJKoZI hvcNAQEFBQADggEBAG30/xBilQzr34w912WMC8qV7xP1GkgMKmw+ioVWd0GlK3ny twuXIazF8C2y58zV4/oGI3gU2gzYKHb4g8Z6RJMvbwLCYzHqwbkTJ9KQe2mM6NT5 uENFKIqgi3fsyCGNRlhYOYZBZBcpCyS9umcfEclAHnLu9V5fCwqsYODxriGvoNG0 YE0vNx1Qgy3EL5y7M4P7FiSz3ajV1qv7DpBrGT2KSSR9WYwNm8+F/znPsD6Dh3d/ /+TzJzABX/QhEQWPNfUE95gnBVRkdaARMtDTA8QgyPHxAdSCu6ktshQfoy7W1qAO sNBv+q0dfL9WojnqIJGcKsc6UtaC0YWNKTDZ6wo= </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#MsgBody"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>sXD2SsGQxI7DDFMwHwONxjGOaoI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> QnZ9BIpAwFYaF55BsZrzenrqGwOnmH+2N1dTXd1UgNumZnr0O1yJWFtwwEHbhhaQ C05xJvV0HY1rCBqfHCGw83rGpcGfAHrHMzVS9fncR7xqUGDVAPtb89ywji3RjxwN W2IxRvHDJt8VrNHZPZn/wVlGlJdseCDW11Qdotm6yDU= </ds:SignatureValue> <ds:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#X509Token"/> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature></wsse:Security> </soapenv:Header> <soapenv:Body Id="MsgBody"><EdiCustomsDeclaration xsi:schemaLocation="http://www.ros.ie/schemas/customs/edisad/v1 C:\AEP\schemas\schemas\sadedifact\schema.xsd" xmlns="http://www.ros.ie/schemas/customs/edisad/v1"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><![CDATA[UNB+UNOC:3+CAE00043270+REV.IE+070220:1252+070220125247'UNH+0022466+CUSDEC:D:96B:UN:IEA001'BGM+22:105::EXA++X12'LOC+35+IE'LOC+36+SG'LOC+42+IEDUB100'LOC+14+ 'LOC+22+IEDUB100'LOC+18+:::IE00'GIS+ :160'GIS+1:146'EQD+CN+TRLU4621596'FTX+ACB++1D24+200701050100'RFF+ABI:43270'RFF+AAS:804550'TDT+12++1+++++:::TRLU4621596'TDT+11++1+++++::::IE'NAD+CZ+VAT8226392B'NAD+CN+++HEWLETT PACKARD COMPANY FAR EST LTD+450 ALEXANDRA ROAD SINGAORE 11960+SINGAPORE+++SG'NAD+DT+CAE00043270'MOA+39:53251.50:USD'UNS+D'CST+1+48172000'LOC+27+IE'MEA+WT+AAA+KGR:6100.000'MEA+AAS++SPU:10.000'PAC+1++CT:67'PCI+28+1 PCS ADDR'MOA+123:40332.88'RFF+ACE:'RFF+CW::1'IMD+E'FTX+AAA+++PAPER PRODUCTS'DOC+N935+804550'GIS+001:PII'GIS+000:117::1000'UNS+S'CNT+5:1'UNT+38+0022466'UNZ+1+070220125247']]></EdiCustomsDeclaration> </soapenv:Body> </soapenv:Envelope>
