From: Charlie B. <cha...@gm...> - 2013-08-23 15:27:15

Hi, I am not sure if this is more of a question for the OpenSC-devel or for the OpenSSL lists but here it goes. I have been working on integrating PIV cards into our software program architecture and have run into an issue verifying the signatures generated by PIV cards. I have generated the signature using openssl through engine_pkcs11 and opensc-pkcs11 and I cannot get it to verify. No matter what I do the output from OpenSSL returns with:

139868424963728:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
139868424963728:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:721:

The script I am using to sign and verify this is:

#!/bin/bash
# Usage: $0 <name of file to sign> <private key identifier for engine>

cat >asn1.conf <<EOF
asn1 = SEQUENCE:digest_info_and_digest

[digest_info_and_digest]
dinfo = SEQUENCE:digest_info
digest = FORMAT:HEX,OCT:`openssl dgst -sha1 $1 |cut -f 2 -d ' '`

[digest_info]
algid = OID:1.3.14.3.2.26
params = NULL
EOF

openssl << EOT
engine dynamic -vvvv -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \
    -pre ID:pkcs11 -pre NO_VCHECK:1 \
    -pre LIST_ADD:1 -pre LOAD \
    -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
asn1parse -i -genconf asn1.conf -out $1.dgst.asn1
rsautl -engine pkcs11 -keyform engine -sign -in $1.dgst.asn1 -inkey $2 -out $1.sig.rsa
rsautl -engine pkcs11 -keyform engine -verify -in $1.sig.rsa -inkey $2 -out $1.dgst.asn1_v
EOT

Note that this script was created to replicate an issue being seen in our code trying to verify using the EVP_Verify* API calls once the signature was generated and uses the script from http://stackoverflow.com/questions/9951559/difference-between-openssl-rsautl-and-dgst as reference material.

Am I doing something incorrect to generate the signature so that it can't be verified? Or could there be an issue with the signature generation from the card??

Charles Bancroft
Software Engineer
Raytheon BBN Technologies
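The signing and verification steps the script drives through the card, as an added example in pure Python that is not part of the original message: it builds the same SHA-1 DigestInfo the asn1.conf produces, pads it as EMSA-PKCS1-v1_5 and checks the recovered block the way OpenSSL's RSA_padding_check_PKCS1_type_1 does, so the "block type is not 01" error can be reproduced by verifying against a key other than the one that signed. The locally generated toy key pair is an assumption that stands in for the card's key.

```python
import hashlib, random

# DER prefix of DigestInfo { sha1 OID 1.3.14.3.2.26 with NULL params, OCTET STRING(20) },
# i.e. the structure the asn1.conf above generates (RFC 3447 section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def digest_info_sha1(data: bytes) -> bytes:
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(data).digest()

def check_pkcs1_type1(em: bytes) -> bytes:
    """Strip EMSA-PKCS1-v1_5 padding, failing with the wording OpenSSL's rsa_pk1.c uses.
    em is the full k-byte block 00 01 FF..FF 00 T (OpenSSL drops the leading 00 first)."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("block type is not 01")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:   # fewer than 8 FF bytes or no 00 separator
        raise ValueError("padding check failed")
    return em[i + 1:]

def _probable_prime(bits: int) -> int:
    # Fermat test with random bases: adequate for a throwaway demo key, not for real keys.
    while True:
        n = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(random.randrange(2, n - 1), n - 1, n) == 1 for _ in range(20)):
            return n

def generate_rsa(bits: int = 512, e: int = 65537):
    """Toy (n, e, d) standing in for the card's key pair, which never leaves the card."""
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return n, e, pow(e, -1, phi)

def rsa_sign_sha1(data: bytes, n: int, d: int) -> bytes:
    """What `rsautl -sign` asks the card to do with $1.dgst.asn1: pad, then private-key op."""
    k, t = (n.bit_length() + 7) // 8, digest_info_sha1(data)
    if k < len(t) + 11:
        raise ValueError("key too small for SHA-1 DigestInfo")
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t   # PS is at least 8 bytes
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def rsa_verify_sha1(data: bytes, sig: bytes, n: int, e: int) -> bool:
    """What `rsautl -verify` does: public-key op, padding check, then compare DigestInfo."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return check_pkcs1_type1(em) == digest_info_sha1(data)
```

On a real card the same error means the recovered block did not start with 00 01: either the key handed to -verify is not the mate of the key that signed, or the card did not return a PKCS#1 v1.5 type 1 block for that key.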