I'm still fighting with the extraction of a signature from an ASN.1 DER encoded block and converting it to a form suitable for use with EVP_VerifyInit/Update/Final(). According to the OpenSSL documentation, the signature should be in a form using PKCS #1 padding in order to be able to verify the contents of a file with a public key.
OpenSSL gives the following output when I execute 'openssl asn1parse -inform DER -in sigfile' on the signature file:

    0:d=0 hl=4 l= 257 prim: BIT STRING

I found the following fragment from asn1pars.c which I think I can use to extract the signature from the DER block:

    ASN1_TYPE *at = d2i_ASN1_TYPE(NULL, pSignatureDataPtr, length);
    if(V_ASN1_BIT_STRING == ASN1_TYPE_get(at))
    {
        // Copy the signature
        memcpy(pSignatureOut, at->value.asn1_string->data, at->value.asn1_string->length);
        *pSignatureOutLength = at->value.asn1_string->length;
    }

The length returned from at->value.asn1_string->length is 256. I try to feed this into EVP_Verify*() as follows:

    EVP_VerifyInit(&md_ctx, EVP_sha1());
    // pData points to the array containing the contents of a file to validate, dataLength is the length
    EVP_VerifyUpdate(&md_ctx, pData, dataLength);
    // pSignatureOut and pSignatureOutLength are extracted from the signature above
    // evpKey is extracted from a root certificate as follows:
    // X509 *x509 = d2i_X509(NULL, pRootCertData, rootCertLength);
    // EVP_PKEY *evpKey = X509_get_pubkey(x509);
    EVP_VerifyFinal (&md_ctx, pSignatureOut, pSignatureOutLength, evpKey);

The result I get back is as follows:

    4274:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
    4274:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:
    4274:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_SIG

Am I extracting the signature correctly or is there something else wrong?

Thanks in advance!

Dr. Stephen Henson wrote:
>
> On Wed, Jun 06, 2007, digested wrote:
>
>> I need to check that a SHA1 digest calculated over a file's contents equals a
>> decrypted signature using a public key. Pretty standard OpenSSL stuff I
>> think?
>>
>> The public key is contained inside a memory block read from an X509 root
>> certificate.
>> I do the following to extract it:
>>
>>     X509 *x509 = d2i_X509(NULL, pData, dataLength);
>>     EVP_PKEY *evpKey = X509_get_pubkey(x509);
>>
>> To verify the signature I use the following functions:
>>
>>     EVP_VerifyInit(&md_ctx, EVP_sha1());
>>     EVP_VerifyUpdate(&md_ctx, pDigest, digestLength);
>>     EVP_VerifyFinal (&md_ctx, pSignature, signatureLength, evpKey);
>>
>> QUESTION #1: Should the above pDigest parameter contain (a) the contents of
>> the already calculated SHA1 digest (with EVP_DigestInit/Update/Final) or (b)
>> the file contents (on which EVP_VerifyUpdate() calculates the digest for
>> me?)
>
> (b)
>
>> QUESTION #2: Which signature format should pSignature be formatted in? The
>> documentation of the RSA_sign() function states that OpenSSL expects RSA
>> signatures to be an SSL signature using PKCS #1 padding and no algorithm
>> identifier. My signature is contained in a BITSTRING value inside an ASN.1
>> DER-encoded memory block. How do I convert my ASN.1 encoded BITSTRING
>> signature into the format expected by EVP_VerifyFinal?
>
> PKCS#1 padding is used on a DigestInfo structure. If it is a BITSTRING then it
> is quite likely in the correct format anyway: you feed the content octets to
> EVP_VerifyFinal() not including the initial number of unused bits octet.

--
View this message in context: http://www.nabble.com/Does-EVP_VerifyFinal-handle-ASN.1-DER-encoded-RSA-signatures--tf3877810.html#a11191649
Sent from the OpenSSL - User mailing list archive at Nabble.com.
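The layout reported by asn1parse above (hl=4, l=257) is a 4-byte header followed by one unused-bits octet and 256 signature octets. The following is an added example, not code from the original thread or from OpenSSL: a strict stand-alone parser for that one BIT STRING, whose output pointer and length are what the quoted reply says to pass to EVP_VerifyFinal(). The function name der_bitstring_payload is hypothetical and the sample buffer is constructed filler, not a real signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: parse one DER BIT STRING (tag 0x03) and return a
 * pointer to its content octets after the leading unused-bits octet.
 * Returns 0 on success, -1 on malformed or unsuitable input. */
int der_bitstring_payload(const uint8_t *der, size_t der_len,
                          const uint8_t **out, size_t *out_len)
{
    size_t pos = 0, len = 0;

    if (der == NULL || der_len < 3 || der[pos++] != 0x03)
        return -1;                      /* not a primitive BIT STRING */

    uint8_t b = der[pos++];
    if (b < 0x80) {
        len = b;                        /* short-form length */
    } else {
        size_t n = b & 0x7f;            /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || n > der_len - pos)
            return -1;                  /* indefinite, oversized or truncated */
        if (der[pos] == 0)
            return -1;                  /* DER forbids leading zero octets */
        while (n--)
            len = (len << 8) | der[pos++];
        if (len < 0x80)
            return -1;                  /* DER requires short form here */
    }
    if (len < 1 || len != der_len - pos)
        return -1;                      /* empty, truncated or trailing data */
    if (der[pos] != 0)
        return -1;                      /* a signature is whole octets */

    *out = der + pos + 1;               /* skip the unused-bits octet */
    *out_len = len - 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: 03 82 01 01 | 00 | 256 zero bytes of filler. */
    uint8_t der[261] = {0x03, 0x82, 0x01, 0x01, 0x00};
    const uint8_t *sig; size_t sig_len;
    if (der_bitstring_payload(der, sizeof der, &sig, &sig_len) != 0)
        return 1;
    printf("signature octets: %zu\n", sig_len);
    return 0;
}
```

Rejecting a nonzero unused-bits octet, non-minimal lengths and trailing bytes keeps a malformed signature file from reaching the verify call at all.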