Signature Verification Issue, PHP or C++?
Robert F.
Hello, I'm trying to use CryptoPP for RSA encryption and to interface it
between PHP and C++.
So I have a little test program on my web server that is using phpseclib to
generate RSA keypairs for what eventually will be the "CA" key. the only
problem is the output on PHP is saying that verification is correct, while
C++ is saying otherwise due to the following error: "PK_Signer: key too
short for this signature scheme". How can I go about fixing this.
PHP w/ output:
<?php
echo "BEGIN SIGN <p>";
include("../php/Crypt/RSA.php");
$rsa = new Crypt_RSA();
extract($rsa->createKey(512));
$plaintext = 'terrafrost';
echo "PRIV: ". $privatekey ." <p>";
echo "PUB: ". $publickey ." <p>";
$rsa->loadKey($privatekey);
$signature = $rsa->sign($plaintext);
echo "S: ".$signature."<p>";
echo "H: ".bin2hex($signature)."<p>";
$rsa->loadKey($publickey);
echo $rsa->verify($plaintext, $signature) ? 'verified<p>' : 'unverified<p>';
echo "DONE";
?>
Outputs the following:
BEGIN SIGN
PRIV: -----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAIIB5l2bsi3mTe1ym+1jCXbWWbbphx3bKEvWSnK8FsCoV7FaCEDQtutjdStn5sAv
FzPHA3OBfOucPhHQfE/1JEkCAwEAAQJAF8DNHDFEPsqjVkzoXFkJ86J6RccpHrVaCXEfrRLcfVp/
1dMHKAPcNgDfhjIhbxayVlUtayW3dUjEcTQadNbZeQIhAI35QHmXrBhmaTk4aN58WiDthpWXjkDe
cCcsisjL/smvAiEA6mxP1zNym3yH3PU6IjGdFn4w9KEssK1t5uCkgYJ7B4cCIDKNCFcDGUTK2jaE
jlqBvnmw+VW0U/NnAFoCcxwR/pODAiEAlYCmGpTRDqCI9T3f6VbC3El2Z00y9ypj4M57m6zfUZkC
IG+mPY+ffC+n86Y6NheX/b4s8u2AypS8DkHy474D+HbO -----END RSA PRIVATE KEY-----
PUB: -----BEGIN PUBLIC KEY-----
MEgCQQCCAeZdm7It5k3tcpvtYwl21lm26Ycd2yhL1kpyvBbAqFexWghA0LbrY3UrZ+bALxczxwNz
gXzrnD4R0HxP9SRJAgMBAAE= -----END PUBLIC KEY-----
S: 1�¡|
�bµ�{B Qø¹¶¸��¥*cC¨ ñ¢KS²�¨��m­ît§f|Pø��æb��W'��
º¾"~! � ?
H:
3100a17c1f8b62b5d37b420451f8b9b6b8decaa52a6343a808f1a24b53b29da889916dadee74a7667c50f8d087e66282d6572789981cbabe227e21090a84043f
verified
DONE
And this is my C++ code, I'm using Crypto++ 5.6.1 compiled as a static
library.
bool xxz568::caVerify(std::string message, std::string signature) {
const char * CA_PUBLIC_KEY =
{"MEgCQQCCAeZdm7It5k3tcpvtYwl21lm26Ycd2yhL1kpyvBbAqFexWghA0LbrY3UrZ+bALxczxwNz
gXzrnD4R0HxP9SRJAgMBAAE="};
std::string dec, fin;
Base64Decode(CA_PUBLIC_KEY, dec);
HexEncode(dec, fin);
cout << "CA P: " << fin << endl;
Integer rsaPub(fin.c_str());
InvertibleRSAFunction certAuth;
certAuth.SetModulus(rsaPub);
cout << "CA MOD: " << certAuth.GetModulus() << endl;
RSA::PublicKey publicKey(certAuth);
std::string holder;
try {
RSASSA_PKCS1v15_SHA_Verifier verifier(publicKey);
HexDecode(signature, holder);
StringSource(message+holder, true,
new SignatureVerificationFilter(
verifier, NULL,
SignatureVerificationFilter::THROW_EXCEPTION
) // SignatureVerificationFilter
); // StringSource
}
catch(CryptoPP::Exception e) {
cout << e.GetWhat() << endl;
cout << e.GetErrorType() << endl;
return false;
}
return true;
}
--
View this message in context: http://old.nabble.com/Signature-Verification-Issue%2C-PHP-or-C%2B%2B--tp30852734p30852734.html
Sent from the Crypto++ Users mailing list archive at Nabble.com.
Robert F.
Have an update, maybe a little easier of a problem to answer now.
The PHP code was not set to the PKCS mode, I have fixed that, I have also
updated my crypto++ code a little more, and am now getting a new and more,
questionable error.
VerifierFilter: digital signature not valid
here is my code:
bool xxz568::caVerify(std::string message, std::string signature) {
const char * CA_PUBLIC_KEY =
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YP/EBPTQUjsav6Uinz1GZgudRFm6yCzTNM4C6IxMPfOLU4yRzTRKXhJREsc+IcFr09J121Qbe6RttZT8DgEDFf8xRjjWQWndEDkoA5mfF7W3rMhY8erGai2StbS1gONLAnd8xHuHioHoWIrsHwhm8oDw1TQ8rwd7xu/wteOfowIDAQAB";
std::string dec, fin;
Base64Decode(CA_PUBLIC_KEY, dec);
HexEncode(dec, fin);
Integer rsaPub(fin.c_str()), rsaexp("65537");
InvertibleRSAFunction certAuth;
certAuth.SetModulus(rsaPub);
certAuth.SetPublicExponent(rsaexp);
RSA::PublicKey publicKey(certAuth);
std::string holder;
try {
RSASSA_PKCS1v15_SHA_Verifier verifier(publicKey);
verifier.AccessKey().Initialize(rsaPub, rsaexp);
HexDecode(signature, holder);
StringSource(holder, true,
new SignatureVerificationFilter(
verifier, NULL,
SignatureVerificationFilter::THROW_EXCEPTION
) // SignatureVerificationFilter
); // StringSource
}
catch(CryptoPP::Exception e) {
cout << e.GetWhat() << endl;
cout << e.GetErrorType() << endl;
return false;
}
return true;
}
here is the updated php code and outputted hex result:
include("../php/Crypt/RSA.php");
$rsa = new Crypt_RSA();
//extract($rsa->createKey(512));
$plaintext = "terrafrost";
$rsa->loadKey(CA_private());
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signature = $rsa->sign($plaintext);
echo "S: ".$signature."<p>";
echo "H: ".bin2hex($signature)."<p>";
$rsa->loadKey(CA_public());
echo $rsa->verify($plaintext, $signature) ? 'verified<p>' : 'unverified<p>';
and gives me this:
34fecdcf4b989f26341856d658cfedf5cb1bb7743834c587b064818b1fcd8de538e58a734c6e895ed44d967c3767fa65033c30992d4770c273895de38e375b27033c36b903b358a827d77424845704ec7fa33775b5d1f24704a8f9646e2f4a9668a10e18c71539c7c0450dc8bf4f82ead4c67879e0e4739e819a11091afac2ee
--
View this message in context: http://old.nabble.com/Signature-Verification-Issue%2C-PHP-or-C%2B%2B--tp30852734p30879245.html
Jeffrey Walton
On Feb 8, 9:15 pm, "Robert F." <rfrit...@phantomdev.net> wrote:
> Have an update, maybe a little easier of a problem to answer now.
>
> The PHP code was not set to the PKCS mode, I have fixed that, I have also
> updated my crypto++ code a little more, and am now getting a new and more,
> questionable error.
>
> VerifierFilter: digital signature not valid
>
> here is my code:
>
> bool xxz568::caVerify(std::string message, std::string signature) {
>
> const char * CA_PUBLIC_KEY =
> std::string dec, fin;
> Base64Decode(CA_PUBLIC_KEY, dec);
> HexEncode(dec, fin);
keys after this operation. See http://www.cryptopp.com/wiki/Keys_and_Formats.
> --
Robert F.
The key comes in PEM Format (PHP generates PEM KEY: ie -----BEGIN RSA
PRIVATE KEY------KEY------END RSA PRIVATE KEY-----).
I stripped the begin.end objects, decrypt the base 64 which puts the key in
ASCII Binary Format (HexDecoded) is this what I need to be putting into the
integer object, or one that is encoded by hex?
> --
> You received this message because you are subscribed to the "Crypto++
> Users" Google Group.
> To unsubscribe, send an email to
> cryptopp-user...@googlegroups.com.
> More information about Crypto++ and this group is available at
> http://www.cryptopp.com.
>
>
--
View this message in context: http://old.nabble.com/Signature-Verification-Issue%2C-PHP-or-C%2B%2B--tp30852734p30886862.html
Jeffrey Walton
On Feb 9, 4:00 pm, "Robert F." <rfrit...@phantomdev.net> wrote:
> The key comes in PEM Format (PHP generates PEM KEY: ie -----BEGIN RSA
> PRIVATE KEY------KEY------END RSA PRIVATE KEY-----).
>
> I stripped the begin.end objects, decrypt the base 64 which puts the key in
> ASCII Binary Format (HexDecoded) is this what I need to be putting into the
> integer object, or one that is encoded by hex?
RSASSA_PKCS1v15_SHA_Verifier verifier(publicKey);
The following is extraneous since the verifier is intialized in the
ctor:
verifier.AccessKey().Initialize(rsaPub, rsaexp);
http://www.cryptopp.com/wiki/Keys_and_Formats and
http://www.cryptopp.com/wiki/RSA_Signature_Schemes might be helpful.
Jeff