Re: 'RSA_verify' and 'RSA_padding_check_PKCS1_type

Rodrigo Canellas

unread,

Apr 22, 2009, 9:31:16 AM4/22/09

to

--Boundary-00=_evx7JvGRoILfBdV
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Em Friday 17 April 2009 18:05:35 Dr. Stephen Henson escreveu:
> On Fri, Apr 17, 2009, Rodrigo Canellas wrote:
>
> > Hi!
> >
> >
> >
> > I am trying to use 'RSA_verify' to verify a signature, but I am getting the error "67567722", which is translated to: "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01".
> >
> >
> >
> > When I use 'openssl pkcs7 -in TEST_KEY.RSA -print_certs -text -noout -inform DER', I get:
> > "
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number:
> > a7:01:33:46:d1:d9:e3:d0
> > Signature Algorithm: sha1WithRSAEncryption
> > Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com
> > Validity
> > Not Before: Feb 3 13:50:52 2009 GMT
> > Not After : Feb 3 13:50:52 2010 GMT
> > Subject: C=BR, ST=RJ, O=TQTVD, OU=Test, CN=Astro Test Certificate
> > Subject Public Key Info:
> > Public Key Algorithm: rsaEncryption
> > RSA Public Key: (1024 bit)
> > Modulus (1024 bit):
> > 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e:
> > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93:
> > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64:
> > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd:
> > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22:
> > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab:
> > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92:
> > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df:
> > 75:26:6b:21:72:ec:ae:6e:9b
> > Exponent: 65537 (0x10001)
> > X509v3 extensions:
> > X509v3 Basic Constraints:
> > CA:FALSE
> > Netscape Comment:
> > OpenSSL Generated Certificate
> > X509v3 Subject Key Identifier:
> > AF:2D:B9:4E:87:03:CD:53:90:BF:C5:BE:1C:BC:6A:4B:F2:86:67:D8
> > X509v3 Authority Key Identifier:
> > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10
> >
> >
> >
> > Signature Algorithm: sha1WithRSAEncryption
> > 06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93:
> > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a:
> > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02:
> > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6:
> > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21:
> > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be:
> > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47:
> > 6e:99
> >
> >
> >
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number:
> > a7:01:33:46:d1:d9:e3:cf
> > Signature Algorithm: sha1WithRSAEncryption
> > Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com
> > Validity
> > Not Before: Feb 3 13:15:26 2009 GMT
> > Not After : Feb 3 13:15:26 2012 GMT
> > Subject: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com
> > Subject Public Key Info:
> > Public Key Algorithm: rsaEncryption
> > RSA Public Key: (1024 bit)
> > Modulus (1024 bit):
> > 00:a9:f9:f8:70:d7:aa:a2:16:83:59:69:11:af:f8:
> > dc:6d:f2:0b:e1:b1:39:12:90:4c:28:e2:24:da:8b:
> > 49:78:3c:97:2f:4e:ca:2e:1f:29:a4:f9:94:40:17:
> > b2:6b:30:5b:51:20:f9:50:f3:be:1f:f4:ce:35:fb:
> > 05:93:98:04:37:aa:d8:1f:90:a5:f7:04:43:ed:b3:
> > 8a:fd:00:fa:f1:36:a8:ef:29:bb:cf:92:95:5f:e0:
> > 04:f2:2b:64:52:63:ac:f2:77:b7:b1:60:cf:5e:13:
> > e9:ec:8e:37:ef:c3:de:ca:55:51:1d:f5:61:c2:c8:
> > b0:e7:c2:3e:4b:1f:c3:16:49
> > Exponent: 65537 (0x10001)
> > X509v3 extensions:
> > X509v3 Subject Key Identifier:
> > 96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10
> > X509v3 Authority Key Identifier:
> > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10
> > DirName:/C=BR/ST=RJ/O=TQTVD/OU=Development/CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com
> > serial:A7:01:33:46:D1:D9:E3:CF
> >
> >
> >
> > X509v3 Basic Constraints:
> > CA:TRUE
> > Signature Algorithm: sha1WithRSAEncryption
> > 60:95:2e:f7:21:f0:16:bc:67:35:6c:c1:0d:ea:0d:25:38:2a:
> > c8:70:4e:8b:99:08:27:65:88:3e:ff:9c:eb:4d:26:e2:30:15:
> > 34:2b:82:58:65:ff:29:d3:ec:9f:12:50:f9:65:c0:79:1c:63:
> > 72:52:13:c3:b2:68:41:3a:b2:3c:8e:47:11:28:f2:c4:61:98:
> > 1e:de:97:08:3d:b0:c6:06:db:44:f8:b2:92:6e:68:42:8c:5c:
> > b3:66:dd:f0:72:32:12:c9:ae:d2:a2:0b:7a:f5:ca:ea:30:cb:
> > 11:f6:2b:31:d8:ac:eb:49:37:c2:79:07:e2:e9:78:51:6b:23:
> > a7:33
> > "
> >
> >
> >
> > The hash of the file that was signed by the first certificate in the chain, i.e., serial "a7:01:33:46:d1:d9:e3:d0" is "11 18 41 32 20 0B 73 D9 B4 6B 35 B3 CF FA B4 73 96 66 3C 8F". I get this result from my program as well as from 'sha1sum'.
> >
> >
> >
> > 'RSA_verify' is called with:
> > 'type' as "NID_sha1",
> > 'm' as "11 18 41 32 20 0B 73 D9 B4 6B 35 B3 CF FA B4 73 96 66 3C 8F",
> > 'm_len' is "20",
> > 'sigbuf' is
> > '06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93:
> > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a:
> > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02:
> > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6:
> > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21:
> > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be:
> > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47:
> > 6e:99'
> > 'siglen' is "128",
> > and 'rsa' is created like this (error checking and handling ommited):
> > "
> > rsa = RSA_new ();
> > rsa->n = BN_bin2bn(bufPubKeyMod, pubKeyMod.size (), 0);
> > rsa->e = BN_bin2bn(bufPubKeyExp, 3, 0);
> > "
> > where 'bufPubKeyMod' is
> > " 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e:
> > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93:
> > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64:
> > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd:
> > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22:
> > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab:
> > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92:
> > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df:
> > 75:26:6b:21:72:ec:ae:6e:9b"
> >
> >
> >
> > and 'bufPubKeyExp' is "01:00:01"
> >
> >
> >
> > What I do not understand (and I think this is the cause of the error) is why the modulus of the certificate "a7:01:33:46:d1:d9:e3:d0" has 129 bytes, instead of 128? What does the first '0x00' byte mean?
> >
> >
> >
> > But, as I am extremely newbie to cryptography, and even more to 'openssl', I am sure I am making a, well, newbie mistake.
> >
> >
> >
>
> That error usually means you are using the wrong key and/or signature or one
> or the other has become corrupted.
>
> In this case you are using the wrong signature altogether.
>
> Unless you have a good reason to manually process a PKCS#7 signature I'd
> suggest you use the "smime" utility instead or the documented S/MIME API.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
>

I tried to use the other certificate in the PKCS#7 file, and this time I got an error that clearly tells me I am using a bad signature: "Error number '67596392', which means 'error:04077068:rsa routines:RSA_verify:bad signature', while verifying the signature", instead of the error "67567722", which is translated to: "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01".

Isn't it possible that the error "67567722" means something different from "> In this case you are using the wrong signature altogether.", as Dr. Stephen N. Henson pointed out?

Meanwhile, I will take a look S/MIME API.

Thanks a lot!

--
Rodrigo Canellas
Software Developer
Digital TV Products
+55 21 3147-3000/8675
rodrigo....@tqtvd.com
www.tqtvd.com
TQTVD Software

--Boundary-00=_evx7JvGRoILfBdV
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" content="1" /><style type="text/css">p, li { white-space: pre-wrap; }</style></head><body style=" font-family:'DejaVu Sans'; font-size:9pt; font-weight:400; font-style:normal;"> Em Friday 17 April 2009 18:05:35 Dr. Stephen Henson escreveu: 
> On Fri, Apr 17, 2009, Rodrigo Canellas wrote: 
> 
> > Hi! 
> > 
> > 
> > 
> > I am trying to use 'RSA_verify' to verify a signature, but I am getting the error "67567722", which is translated to: "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01". 
> > 
> > 
> > 
> > When I use 'openssl pkcs7 -in TEST_KEY.RSA -print_certs -text -noout -inform DER', I get: 
> > " 
> > Certificate: 
> > Data: 
> > Version: 3 (0x2) 
> > Serial Number: 
> > a7:01:33:46:d1:d9:e3:d0 
> > Signature Algorithm: sha1WithRSAEncryption 
> > Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com 
> > Validity 
> > Not Before: Feb 3 13:50:52 2009 GMT 
> > Not After : Feb 3 13:50:52 2010 GMT 
> > Subject: C=BR, ST=RJ, O=TQTVD, OU=Test, CN=Astro Test Certificate 
> > Subject Public Key Info: 
> > Public Key Algorithm: rsaEncryption 
> > RSA Public Key: (1024 bit) 
> > Modulus (1024 bit): 
> > 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e: 
> > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93: 
> > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64: 
> > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd: 
> > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22: 
> > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab: 
> > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92: 
> > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df: 
> > 75:26:6b:21:72:ec:ae:6e:9b 
> > Exponent: 65537 (0x10001) 
> > X509v3 extensions: 
> > X509v3 Basic Constraints: 
> > CA:FALSE 
> > Netscape Comment: 
> > OpenSSL Generated Certificate 
> > X509v3 Subject Key Identifier: 
> > AF:2D:B9:4E:87:03:CD:53:90:BF:C5:BE:1C:BC:6A:4B:F2:86:67:D8 
> > X509v3 Authority Key Identifier: 
> > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10 
> > 
> > 
> > 
> > Signature Algorithm: sha1WithRSAEncryption 
> > 06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93: 
> > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a: 
> > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02: 
> > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6: 
> > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21: 
> > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be: 
> > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47: 
> > 6e:99 
> > 
> > 
> > 
> > Certificate: 
> > Data: 
> > Version: 3 (0x2) 
> > Serial Number: 
> > a7:01:33:46:d1:d9:e3:cf 
> > Signature Algorithm: sha1WithRSAEncryption 
> > Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com 
> > Validity 
> > Not Before: Feb 3 13:15:26 2009 GMT 
> > Not After : Feb 3 13:15:26 2012 GMT 
> > Subject: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com 
> > Subject Public Key Info: 
> > Public Key Algorithm: rsaEncryption 
> > RSA Public Key: (1024 bit) 
> > Modulus (1024 bit): 
> > 00:a9:f9:f8:70:d7:aa:a2:16:83:59:69:11:af:f8: 
> > dc:6d:f2:0b:e1:b1:39:12:90:4c:28:e2:24:da:8b: 
> > 49:78:3c:97:2f:4e:ca:2e:1f:29:a4:f9:94:40:17: 
> > b2:6b:30:5b:51:20:f9:50:f3:be:1f:f4:ce:35:fb: 
> > 05:93:98:04:37:aa:d8:1f:90:a5:f7:04:43:ed:b3: 
> > 8a:fd:00:fa:f1:36:a8:ef:29:bb:cf:92:95:5f:e0: 
> > 04:f2:2b:64:52:63:ac:f2:77:b7:b1:60:cf:5e:13: 
> > e9:ec:8e:37:ef:c3:de:ca:55:51:1d:f5:61:c2:c8: 
> > b0:e7:c2:3e:4b:1f:c3:16:49 
> > Exponent: 65537 (0x10001) 
> > X509v3 extensions: 
> > X509v3 Subject Key Identifier: 
> > 96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10 
> > X509v3 Authority Key Identifier: 
> > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10 
> > DirName:/C=BR/ST=RJ/O=TQTVD/OU=Development/CN=Astro Root CA Certificate/emailAddress=rcan...@tqtvd.com 
> > serial:A7:01:33:46:D1:D9:E3:CF 
> > 
> > 
> > 
> > X509v3 Basic Constraints: 
> > CA:TRUE 
> > Signature Algorithm: sha1WithRSAEncryption 
> > 60:95:2e:f7:21:f0:16:bc:67:35:6c:c1:0d:ea:0d:25:38:2a: 
> > c8:70:4e:8b:99:08:27:65:88:3e:ff:9c:eb:4d:26:e2:30:15: 
> > 34:2b:82:58:65:ff:29:d3:ec:9f:12:50:f9:65:c0:79:1c:63: 
> > 72:52:13:c3:b2:68:41:3a:b2:3c:8e:47:11:28:f2:c4:61:98: 
> > 1e:de:97:08:3d:b0:c6:06:db:44:f8:b2:92:6e:68:42:8c:5c: 
> > b3:66:dd:f0:72:32:12:c9:ae:d2:a2:0b:7a:f5:ca:ea:30:cb: 
> > 11:f6:2b:31:d8:ac:eb:49:37:c2:79:07:e2:e9:78:51:6b:23: 
> > a7:33 
> > " 
> > 
> > 
> > 
> > The hash of the file that was signed by the first certificate in the chain, i.e., serial "a7:01:33:46:d1:d9:e3:d0" is "11 18 41 32 20 0B 73 D9 B4 6B 35 B3 CF FA B4 73 96 66 3C 8F". I get this result from my program as well as from 'sha1sum'. 
> > 
> > 
> > 
> > 'RSA_verify' is called with: 
> > 'type' as "NID_sha1", 
> > 'm' as "11 18 41 32 20 0B 73 D9 B4 6B 35 B3 CF FA B4 73 96 66 3C 8F", 
> > 'm_len' is "20", 
> > 'sigbuf' is 
> > '06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93: 
> > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a: 
> > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02: 
> > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6: 
> > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21: 
> > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be: 
> > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47: 
> > 6e:99' 
> > 'siglen' is "128", 
> > and 'rsa' is created like this (error checking and handling ommited): 
> > " 
> > rsa = RSA_new (); 
> > rsa->n = BN_bin2bn(bufPubKeyMod, pubKeyMod.size (), 0); 
> > rsa->e = BN_bin2bn(bufPubKeyExp, 3, 0); 
> > " 
> > where 'bufPubKeyMod' is 
> > " 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e: 
> > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93: 
> > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64: 
> > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd: 
> > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22: 
> > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab: 
> > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92: 
> > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df: 
> > 75:26:6b:21:72:ec:ae:6e:9b" 
> > 
> > 
> > 
> > and 'bufPubKeyExp' is "01:00:01" 
> > 
> > 
> > 
> > What I do not understand (and I think this is the cause of the error) is why the modulus of the certificate "a7:01:33:46:d1:d9:e3:d0" has 129 bytes, instead of 128? What does the first '0x00' byte mean? 
> > 
> > 
> > 
> > But, as I am extremely newbie to cryptography, and even more to 'openssl', I am sure I am making a, well, newbie mistake. 
> > 
> > 
> > 
> 
> That error usually means you are using the wrong key and/or signature or one 
> or the other has become corrupted. 
> 
> In this case you are using the wrong signature altogether. 
> 
> Unless you have a good reason to manually process a PKCS#7 signature I'd 
> suggest you use the "smime" utility instead or the documented S/MIME API. 
> 
> Steve. 
> -- 
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage 
> OpenSSL project core developer and freelance consultant. 
> Homepage: http://www.drh-consultancy.demon.co.uk 
> ______________________________________________________________________ 
> OpenSSL Project http://www.openssl.org 
> User Support Mailing List openss...@openssl.org 
> Automated List Manager majo...@openssl.org 
> 
 I tried to use the other certificate in the PKCS#7 file, and this time I got an error that clearly tells me I am using a bad signature: "Error number '67596392', which means 'error:04077068:rsa routines:RSA_verify:bad signature', while verifying the signature", instead of the error "67567722", which is translated to: "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01". 
 Isn't it possible that the error "67567722" means something different from "> In this case you are using the wrong signature altogether.", as Dr. Stephen N. Henson pointed out? 
 Meanwhile, I will take a look S/MIME API. 
 Thanks a lot! 
 -- 
Rodrigo Canellas 
Software Developer 
Digital TV Products 
+55 21 3147-3000/8675 
rodrigo....@tqtvd.com 
www.tqtvd.com 
TQTVD Software</body></html>
--Boundary-00=_evx7JvGRoILfBdV--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Dave Thompson

unread,

Apr 23, 2009, 3:07:23 PM4/23/09

to

> From: owner-ope...@openssl.org On Behalf Of Rodrigo Canellas
> Sent: Wednesday, 22 April, 2009 09:30
<snip long quote, including PKCS7 containing entity and CA certs>

> I tried to use the other certificate in the PKCS#7 file, and this
time
> I got an error that clearly tells me I am using a bad signature:
> "Error number '67596392', which means
> 'error:04077068:rsa routines:RSA_verify:bad signature', while verifying
the signature",
> instead of the error "67567722", which is translated to:
> "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is
not 01".

Do you mean you are using the pubkey from the second cert,
with the signature value from the first cert as before?

> Isn't it possible that the error "67567722" means something
different from
> "> In this case you are using the wrong signature altogether.",
> as Dr. Stephen N. Henson pointed out?

Not really. As I said before, the signature in the entity cert
is the signature OF THAT CERT'S BODY BY THE CA (KEY&) CERT.

Using cert1.signature and cert1.body.pubkey couldn't even
RSA-decrypt the signature as it failed PKCS1 checking,
because that's not the right key for that sigvalue.

If you used cert1.signature and cert2.body.pubkey
then the signature will RSA-decrypt OK (no PKCS1 problem)
but it will only match (and verify) the data in cert1.body
because that's the data it signed.

If you want to verify a signature of data by (the key in) cert1,
which is what you said you wanted, you have to use:
- rawsigneddata = hash of the file (as you had before)
- signaturevalue = THE SIGNATURE OF THE FILE
- pubkey = (internalized) cert1.pubkey

If you want to verify cert1 itself (under cert2) use:
- rawsigneddata = hash of the certinfo part of cert1
- signaturevalue = cert1.signature
- pubkey = (internalized) cert2.pubkey

I don't see how I say it any clearer than that.

Rodrigo Canellas

unread,

Apr 24, 2009, 10:10:10 AM4/24/09

to

--Boundary-00=_Fgc8JE2ypcdTlK0

Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

I thank you all very much for your help!! It is working now!

And I apologize for the lack of basic knowledge...

--
Rodrigo Canellas
Software Developer
Digital TV Products
+55 21 3147-3000/8675
rodrigo....@tqtvd.com
www.tqtvd.com
TQTVD Software

--Boundary-00=_Fgc8JE2ypcdTlK0

Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" content="1" /><style type="text/css">p, li { white-space: pre-wrap; }</style></head><body style=" font-family:'DejaVu Sans'; font-size:9pt; font-weight:400; font-style:normal;">Em Thursday 23 April 2009 16:07:04 Dave Thompson escreveu: 
> > From: owner-ope...@openssl.org On Behalf Of Rodrigo Canellas 
> > Sent: Wednesday, 22 April, 2009 09:30 
> <snip long quote, including PKCS7 containing entity and CA certs> 
> 
> > I tried to use the other certificate in the PKCS#7 file, and this 
> time 
> > I got an error that clearly tells me I am using a bad signature: 
> > "Error number '67596392', which means 
> > 'error:04077068:rsa routines:RSA_verify:bad signature', while verifying 
> the signature", 
> > instead of the error "67567722", which is translated to: 
> > "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is 
> not 01". 
> 
> Do you mean you are using the pubkey from the second cert, 
> with the signature value from the first cert as before? 
> 
> > Isn't it possible that the error "67567722" means something 
> different from 
> > "> In this case you are using the wrong signature altogether.", 
> > as Dr. Stephen N. Henson pointed out? 
> 
> Not really. As I said before, the signature in the entity cert 
> is the signature OF THAT CERT'S BODY BY THE CA (KEY&) CERT. 
> 
> Using cert1.signature and cert1.body.pubkey couldn't even 
> RSA-decrypt the signature as it failed PKCS1 checking, 
> because that's not the right key for that sigvalue. 
> 
> If you used cert1.signature and cert2.body.pubkey 
> then the signature will RSA-decrypt OK (no PKCS1 problem) 
> but it will only match (and verify) the data in cert1.body 
> because that's the data it signed. 
> 
> If you want to verify a signature of data by (the key in) cert1, 
> which is what you said you wanted, you have to use: 
> - rawsigneddata = hash of the file (as you had before) 
> - signaturevalue = THE SIGNATURE OF THE FILE 
> - pubkey = (internalized) cert1.pubkey 
> 
> If you want to verify cert1 itself (under cert2) use: 
> - rawsigneddata = hash of the certinfo part of cert1 
> - signaturevalue = cert1.signature 
> - pubkey = (internalized) cert2.pubkey 
> 
> I don't see how I say it any clearer than that. 
> 
> 
>

> ______________________________________________________________________ 
> OpenSSL Project http://www.openssl.org 
> User Support Mailing List openss...@openssl.org 
> Automated List Manager majo...@openssl.org 
>

I thank you all very much for your help!! It is working now! 
 And I apologize for the lack of basic knowledge...

-- 
Rodrigo Canellas 
Software Developer 
Digital TV Products 
+55 21 3147-3000/8675 
rodrigo....@tqtvd.com 
www.tqtvd.com 
TQTVD Software</body></html>

--Boundary-00=_Fgc8JE2ypcdTlK0--

Re: 'RSA_verify' and 'RSA_padding_check_PKCS1_type_1:block type is not 01' error

Rodrigo Canellas

Dave Thompson

Rodrigo Canellas