Crypto++ signature verification failure of X.509 certificate with rsassaPss and sha384


Chris Rhoads

Oct 13, 2016, 11:18:52 AM
to Crypto++ Users
I have a test application that is based on source code posted on https://www.cryptopp.com/wiki/X.509.  I've been unable to verify the signature of an X.509 certificate that was signed with the following algorithm:

    Signature Algorithm: rsassaPss
         Hash Algorithm: sha384
         Mask Algorithm: mgf1 with sha384
         Salt Length: 0x14 (default)
         Trailer Field: 0xBC (default)

x509.exe (my test application) output:

$ x509.exe rootcert.pem cacert.pem
Signature algorithm is RSASSA-PSS.
Hash algorithm is SHA384.
Signature verification failed.

But it succeeds if the certificate signature used the following algorithm:

    Signature Algorithm: rsassaPss
         Hash Algorithm: sha1 (default)
         Mask Algorithm: mgf1 with sha1 (default)
         Salt Length: 0x14 (default)
         Trailer Field: 0xBC (default)

x509.exe (my test application) output:

$ x509.exe rootcert.pem cacert.pem
Signature algorithm is RSASSA-PSS.
Hash algorithm is SHA1.
The signature verified.
 
The test keys and certificates that I'm using were generated with OpenSSL.

If you can determine why I'm unable to verify the signature of my sha384 certificates, I would greatly appreciate the help!

===

I'm using the following code versions:

Operating System: Windows 7 Professional Service Pack 1
Compiler: Microsoft Visual C++ 2008 (yes, I know we are now in 2016)
Crypto++ Library: version 5.6.5
OpenSSL: version 1.1.0b

The scripts I used to create the keys and certificates with OpenSSL are attached; note I'm executing these commands in a Git Bash command shell (MINGW64):

   sha1 certificates: sha1.zip\sha1\openssl_sha1.sh
   sha384 certificates: sha384.zip\sha384\openssl_sha384.sh

OpenSSL configuration files (used with both scripts above):

   root certificate configuration file: openssl_config_root.txt
   CA certificate configuration file:  openssl_config_ca.txt

If you don't want to go through the process of creating your own certificates, I've attached mine (and associated test keys) that were generated with the scripts above:

   sha1 certificates: sha1.zip\sha1\rootcert.pem  and  sha1.zip\sha1\cacert.pem

   sha384 certificates: sha384.zip\sha384\rootcert.pem  and  sha384.zip\sha384\cacert.pem

My test application source code is attached:

x509.cpp

Thanks!
-Chris

sha1.zip
sha384.zip
x509.cpp
openssl_config_ca.txt
openssl_config_root.txt

Chris Rhoads

Oct 31, 2016, 12:10:42 PM
to Crypto++ Users
Problem resolved.  I determined my signature algorithm isn't seasoned enough.  Crypto++ requires the salt length to be 48 bytes with sha384.
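
The salt-length mismatch described in this thread, as an added example that is not part of the original posts and is not Crypto++ or OpenSSL code: a minimal EMSA-PSS encode/verify from RFC 8017 using only Python's hashlib, showing that a verifier expecting a 48-byte salt with SHA-384 rejects an encoding made with the 20-byte (0x14) default. The RSA step is omitted, and the message bytes, the 2048-bit modulus size and all function names are assumptions made for illustration.

```python
import hashlib, os

def _h(name, data):
    return hashlib.new(name, data).digest()

def mgf1(seed, length, name):
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    out, counter = b"", 0
    while len(out) < length:
        out += _h(name, seed + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytearray(x ^ y for x, y in zip(a, b))

def pss_encode(msg, em_bits, salt_len, name="sha384"):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1): builds the block RSA would sign."""
    h_len, em_len = hashlib.new(name).digest_size, (em_bits + 7) // 8
    if em_len < h_len + salt_len + 2:
        raise ValueError("encoding error: modulus too small")
    salt = os.urandom(salt_len)
    h = _h(name, bytes(8) + _h(name, msg) + salt)
    db = bytes(em_len - salt_len - h_len - 2) + b"\x01" + salt
    masked = _xor(db, mgf1(h, len(db), name))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear unused top bits
    return bytes(masked) + h + b"\xbc"            # trailer field 0xBC

def pss_verify(msg, em, em_bits, salt_len, name="sha384"):
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2) for one fixed expected salt length."""
    h_len, em_len = hashlib.new(name).digest_size, (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + salt_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:
        return False
    db = _xor(masked, mgf1(h, len(masked), name))
    db[0] &= top
    pad = em_len - h_len - salt_len - 2
    # The 0x01 separator must sit exactly where the expected salt length puts it.
    if db[:pad] != bytes(pad) or db[pad] != 0x01:
        return False
    return _h(name, bytes(8) + _h(name, msg) + bytes(db[pad + 1:])) == h

# Constructed sample: stand-in "to be signed" bytes and a 2048-bit modulus.
TBS, EM_BITS = b"constructed tbsCertificate bytes", 2047
em20 = pss_encode(TBS, EM_BITS, 20)   # salt length 0x14, as in the failing cert
em48 = pss_encode(TBS, EM_BITS, 48)   # salt length equal to the SHA-384 output
print(pss_verify(TBS, em20, EM_BITS, 48), pss_verify(TBS, em48, EM_BITS, 48))
```

With SHA-1 the 20-byte default salt equals the hash length, so the same fixed-length check passes for the sha1 parameters shown in the first post.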