On Friday 17 April 2009 18:05:35 Dr. Stephen Henson wrote:
> On Fri, Apr 17, 2009, Rodrigo Canellas wrote:
>
> > Hi!
> >
> > I am trying to use 'RSA_verify' to verify a signature, but I am getting the
> > error "67567722", which is translated to: "error:0407006A:rsa
> > routines:RSA_padding_check_PKCS1_type_1:block type is not 01".
> >
> > When I use 'openssl pkcs7 -in TEST_KEY.RSA -print_certs -text -noout
> > -inform DER', I get:
> > "
> > Certificate:
> >   Data:
> >     Version: 3 (0x2)
> >     Serial Number:
> >       a7:01:33:46:d1:d9:e3:d0
> >     Signature Algorithm: sha1WithRSAEncryption
> >     Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA
> > Certificate/emailaddress=rcanel...@tqtvd.com
> >     Validity
> >       Not Before: Feb 3 13:50:52 2009 GMT
> >       Not After : Feb 3 13:50:52 2010 GMT
> >     Subject: C=BR, ST=RJ, O=TQTVD, OU=Test, CN=Astro Test Certificate
> >     Subject Public Key Info:
> >       Public Key Algorithm: rsaEncryption
> >       RSA Public Key: (1024 bit)
> >         Modulus (1024 bit):
> >           00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e:
> >           61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93:
> >           7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64:
> >           9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd:
> >           13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22:
> >           37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab:
> >           04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92:
> >           86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df:
> >           75:26:6b:21:72:ec:ae:6e:9b
> >         Exponent: 65537 (0x10001)
> >     X509v3 extensions:
> >       X509v3 Basic Constraints:
> >         CA:FALSE
> >       Netscape Comment:
> >         OpenSSL Generated Certificate
> >       X509v3 Subject Key Identifier:
> >         AF:2D:B9:4E:87:03:CD:53:90:BF:C5:BE:1C:BC:6A:4B:F2:86:67:D8
> >       X509v3 Authority Key Identifier:
> >
> > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10
> >
> >   Signature Algorithm: sha1WithRSAEncryption
> >     06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93:
> >     2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a:
> >     18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02:
> >     0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6:
> >     59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21:
> >     ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be:
> >     8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47:
> >     6e:99
> >
> > Certificate:
> >   Data:
> >     Version: 3 (0x2)
> >     Serial Number:
> >       a7:01:33:46:d1:d9:e3:cf
> >     Signature Algorithm: sha1WithRSAEncryption
> >     Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA
> > Certificate/emailaddress=rcanel...@tqtvd.com
> >     Validity
> >       Not Before: Feb 3 13:15:26 2009 GMT
> >       Not After : Feb 3 13:15:26 2012 GMT
> >     Subject: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA
> > Certificate/emailaddress=rcanel...@tqtvd.com
> >     Subject Public Key Info:
> >       Public Key Algorithm: rsaEncryption
> >       RSA Public Key: (1024 bit)
> >         Modulus (1024 bit):
> >           00:a9:f9:f8:70:d7:aa:a2:16:83:59:69:11:af:f8:
> >           dc:6d:f2:0b:e1:b1:39:12:90:4c:28:e2:24:da:8b:
> >           49:78:3c:97:2f:4e:ca:2e:1f:29:a4:f9:94:40:17:
> >           b2:6b:30:5b:51:20:f9:50:f3:be:1f:f4:ce:35:fb:
> >           05:93:98:04:37:aa:d8:1f:90:a5:f7:04:43:ed:b3:
> >           8a:fd:00:fa:f1:36:a8:ef:29:bb:cf:92:95:5f:e0:
> >           04:f2:2b:64:52:63:ac:f2:77:b7:b1:60:cf:5e:13:
> >           e9:ec:8e:37:ef:c3:de:ca:55:51:1d:f5:61:c2:c8:
> >           b0:e7:c2:3e:4b:1f:c3:16:49
> >         Exponent: 65537 (0x10001)
> >     X509v3 extensions:
> >       X509v3 Subject Key Identifier:
> >         96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10
> >       X509v3 Authority Key Identifier:
> >
> > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10
> > DirName:/C=BR/ST=RJ/O=TQTVD/OU=Development/CN=Astro Root CA
> > Certificate/emailaddress=rcanel...@tqtvd.com
> > serial:A7:01:33:46:D1:D9:E3:CF
> >
> >       X509v3 Basic Constraints:
> >         CA:TRUE
> >   Signature Algorithm: sha1WithRSAEncryption
> >     60:95:2e:f7:21:f0:16:bc:67:35:6c:c1:0d:ea:0d:25:38:2a:
> >     c8:70:4e:8b:99:08:27:65:88:3e:ff:9c:eb:4d:26:e2:30:15:
> >     34:2b:82:58:65:ff:29:d3:ec:9f:12:50:f9:65:c0:79:1c:63:
> >     72:52:13:c3:b2:68:41:3a:b2:3c:8e:47:11:28:f2:c4:61:98:
> >     1e:de:97:08:3d:b0:c6:06:db:44:f8:b2:92:6e:68:42:8c:5c:
> >     b3:66:dd:f0:72:32:12:c9:ae:d2:a2:0b:7a:f5:ca:ea:30:cb:
> >     11:f6:2b:31:d8:ac:eb:49:37:c2:79:07:e2:e9:78:51:6b:23:
> >     a7:33
> > "
> >
> > The hash of the file that was signed by the first certificate in the chain,
> > i.e., serial "a7:01:33:46:d1:d9:e3:d0" is "11 18 41 32 20 0B 73 D9 B4 6B 35
> > B3 CF FA B4 73 96 66 3C 8F". I get this result from my program as well as
> > from 'sha1sum'.
> >
> > 'RSA_verify' is called with:
> > 'type' as "NID_sha1",
> > 'm' as "11 18 41 32 20 0B 73 D9 B4 6B 35 B3 CF FA B4 73 96 66 3C 8F",
> > 'm_len' is "20",
> > 'sigbuf' is
> > '06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93:
> > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a:
> > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02:
> > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6:
> > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21:
> > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be:
> > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47:
> > 6e:99'
> > 'siglen' is "128",
> > and 'rsa' is created like this (error checking and handling omitted):
> > "
> > rsa = RSA_new ();
> > rsa->n = BN_bin2bn(bufPubKeyMod, pubKeyMod.size (), 0);
> > rsa->e = BN_bin2bn(bufPubKeyExp, 3, 0);
> > "
> > where 'bufPubKeyMod' is
> > " 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e:
> > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93:
> > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64:
> > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd:
> > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22:
> > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab:
> > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92:
> > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df:
> > 75:26:6b:21:72:ec:ae:6e:9b"
> >
> > and 'bufPubKeyExp' is "01:00:01"
> >
> > What I do not understand (and I think this is the cause of the error) is
> > why the modulus of the certificate "a7:01:33:46:d1:d9:e3:d0" has 129 bytes,
> > instead of 128? What does the first '0x00' byte mean?
> >
> > But, as I am extremely newbie to cryptography, and even more to 'openssl',
> > I am sure I am making a, well, newbie mistake.
> >
>
> That error usually means you are using the wrong key and/or signature or one
> or the other has become corrupted.
>
> In this case you are using the wrong signature altogether.
>
> Unless you have a good reason to manually process a PKCS#7 signature I'd
> suggest you use the "smime" utility instead or the documented S/MIME API.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
I tried to use the other certificate in the PKCS#7 file, and this time I got an
error that clearly tells me I am using a bad signature: "Error number
'67596392', which means 'error:04077068:rsa routines:RSA_verify:bad
signature', while verifying the signature", instead of the error "67567722",
which is translated to: "error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01".

Isn't it possible that the error "67567722" means something different from
"> In this case you are using the wrong signature altogether.", as Dr. Stephen
N. Henson pointed out?

Meanwhile, I will take a look at the S/MIME API.

Thanks a lot!

--
Rodrigo Canellas
Software Developer
Digital TV Products
+55 21 3147-3000/8675
rodrigo.canel...@tqtvd.com
www.tqtvd.com
TQTVD Software
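
Added example, not part of the original thread and not OpenSSL code: a pure-Python model of the two stages of a PKCS#1 v1.5 signature check, showing how a certificate's own signature field fails the padding check under the subject's key and fails the digest comparison under the issuer's key. The toy keys, message bytes, function names and the "malformed pad string" result are constructed for illustration; the other result strings reuse the OpenSSL error texts quoted in the thread.

```python
import hashlib

# Constructed toy keys (assumption): products of Mersenne primes, so no crypto
# library is needed. Keys built this way are for demonstration only.
E = 65537
P1, P2, P3 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header

def make_key(p, q):
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

def sign(digest, n, d):
    k = (n.bit_length() + 7) // 8
    t = SHA1_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def verify(digest, sig, n):
    """Run both stages of a PKCS#1 v1.5 verify and name the one that fails."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if s >= n:
        return "data too large for modulus"
    em = pow(s, E, n).to_bytes(k, "big")
    # Stage 1: padding check. Depends only on the key and the signature bytes.
    if em[:2] != b"\x00\x01":
        return "padding: block type is not 01"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "padding: malformed pad string"
    # Stage 2: compare the embedded DigestInfo with the caller's digest.
    if em[sep + 1:] != SHA1_PREFIX + digest:
        return "bad signature"
    return "ok"

def demo():
    ca_n, ca_d = make_key(P1, P2)    # stands in for the issuing CA key
    leaf_n, _ = make_key(P2, P3)     # stands in for the signer certificate key
    tbs = hashlib.sha1(b"constructed tbsCertificate bytes").digest()
    file_hash = hashlib.sha1(b"constructed signed file").digest()
    cert_sig = sign(tbs, ca_n, ca_d)  # a certificate's own signature field
    return (verify(file_hash, cert_sig, leaf_n),  # key that did not sign it
            verify(file_hash, cert_sig, ca_n),    # signing key, other digest
            verify(tbs, cert_sig, ca_n))          # matching key and digest
```

The padding stage never looks at the digest, so it reports a key and signature that do not belong together; the digest comparison is only reached once the signature decrypts cleanly under the supplied key.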