EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How Do I Verify a Message in PKCS#1 format

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#15067
Posted: 11/16/2010 11:26:33
by FORET Christophe (Basic support level)
Joined: 11/16/2010
Posts: 2

I would like to verify a signed message that I'm receiving from a contact.The file structure is as follow:

File Header block :
Size : 4 bytes
Value 1 : ...
Value 2 : ...
...

File Content block :
Size : 4 bytes
Value 1 : ...
Value 2 : ...
...

File Control block :
Size : 4 bytes
Signature size : 4 Bytes
Signature : Y Bytes - (SHA-1/RSA on whole file "Header + File ocntent" in PKCS#1 format)
Certificat size : 4 Bytes
Certificat : Z Bytes (Certificat X509 of class 4)


Actually we are doing it using OpenSSL command lines, that we would like to replace by appropriate SecureBlackBox object.
In OpenSSL we do as follow:

1 - Extracting Publick Key form certificat :
Code
openssl x509 -noout -in certificat.PEM -pubkey > pubkey.PEM

where certificat is in PEM format


2 - Verifying signature using publick key :
Code
openssl rsautl -verify -hexdump -in signature.txt -pubin -inkey pubkey.PEM -out digest.txt

where signature.txt content the Y bytes from File Control block

The digest.txt is then compare to the Hash of "File Header block + File Content block" build using ElHasFunction.finish


What would be the appropriate object to verify the message ? (in VCL version)

Is it possible to pass all the file to this object so that it will verify it our should we (as in OpenSSL) check it using part of the file to check?

Thanks for your answear.
#15072
Posted: 11/16/2010 17:51:32
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Please use TElRSAPublicKeyCrypto and TElRSAKeyMaterial objects to perform the validation. You will find the sample code in the %SBB%\Samples\...\PKIBlackbox\Primitives\VerifyDetached\ directory.

The format of your file is non-standardized, so you will have to decode it yourself before passing to SecureBlackbox components (as you do with OpenSSL).
#15629
Posted: 01/28/2011 11:03:05
by FORET Christophe (Basic support level)
Joined: 11/16/2010
Posts: 2

I'm caming back on my project and I'm trying to implement the objects that you mentioned above and now I'm facing the following problem:

Assuming that I have the following objects:

myCrypto : TElRSAPublicKeyCrypto;
myKey : TElRSAKeyMaterial;

I'm checking the following properties values:

myKey.FormatKey => rsaPKCS1
myKey.PublicKey => True

myCrypto.KeyMaterial => myKey
myCrypto.CryptoType => rsapktPKCS1

If I'm calling the myCrypto.VerifyDetached(myDataToVerify, mySignature) or even calling Verify(mySignature, myOutBuffer) I'm getting a exception EElBuiltInCryptoProviderError with message BadSignatureFormatting.

According to my documentation the signature that I'm trying to verify is suppose to be of type SHA-1/RSA PKCS#1.

The only cryptoType that do not make exception is the rsapktPSS but then the VerifyDetach and Verify function return a pkvrInvalidSignature value.

Am I wrong in something? Do the rsapktPKCS1 cryptotype needs something in order to work? IS there something that I can check to get more information of what's going wrong?

Notice that with OpenSSL it was working find with exactly the same datas and signature to verify.

Thanks for your answer
#15631
Posted: 01/28/2011 11:30:31
by Eugene Mayevski (EldoS Corp.)

I am moving your question to HelpDesk.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 1026 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!