From: Carolin L. <car...@un...> - 2008-08-21 16:35:42
Hi Hal,

thanks for the answer. I hoped it would be a different one, since the 20 bytes do not match my signature ;-) I think I have to go over the code again...

BTW: Is there already any Open Source implementation of SKAE available?

Regards
Carolin

Hal Finney wrote:
> Hi Carolin - The 35 bytes are a concatenation of a byte string
> representing the hash algorithm, and the hash itself. The byte string
> is what is called an OID, or Object ID, in the ASN.1 DER encoding. A
> good introduction to ASN.1 and the byte encodings is the "Layman's
> Guide", found for example at
> http://luca.ntop.org/Teaching/Appunti/asn1.html .
>
> In the case of SHA-1, the 15 byte prefix should be:
>
> 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
>
> (Googled "sha1 oid" for finding this.)
>
> So you should see this byte string, followed by your 20-byte sha-1
> hash, when you do the RSA decrypt (which strips off the PKCS-1
> padding).
>
> Hal
>
> On Fri, Aug 15, 2008 at 7:18 AM, Carolin Latze <car...@un...> wrote:
>
>> Hi everybody,
>>
>> I started again working on my TPM project after a long unplanned break.
>> I have some problems that I already solved in the past, but unfortunately
>> I cannot remember their solution :( Perhaps, somebody on the list can
>> help me:
>>
>> I have a key, that is certified using another key using the
>> Tspi_Key_CertifyKey method. Now I want to verify the signature of the
>> TCPA_CERTIFY_INFO structure using OpenSSL. In order to do so, I
>> decrypted the 256 bytes long signature using RSA_public_decrypt, which
>> results in a 35 bytes long hash?! I expected 20 bytes SHA-1. I thought,
>> that the TCPA_CERTIFY_INFO structure gets hashed using SHA-1 and then
>> signed. Are the 35 bytes a concatenation of something?
>>
>> Thanks in Advance
>> Carolin
>>
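
The check discussed in this thread, as an added example that is not code from either poster: it validates the 35 recovered bytes (15-byte SHA-1 prefix plus 20-byte digest) against a digest the caller has computed over the signed structure, and goes one step further by also accepting the unstripped 256-byte block that a raw decrypt (OpenSSL's `RSA_NO_PADDING`) would return. The function names and the sample digest are this example's own; the digest is the standard SHA-1("abc") test vector standing in for the hash of a real TCPA_CERTIFY_INFO.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
enum { PREFIX_LEN = 15, SHA1_LEN = 20, DI_LEN = 35 };

/* DER prefix of a SHA-1 DigestInfo, as quoted in the thread. */
static const u8 SHA1_PREFIX[PREFIX_LEN] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E,
    0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14 };

/* Constructed sample digest: SHA-1("abc"), a standard test vector. */
const u8 SAMPLE_DIGEST[SHA1_LEN] = {
    0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
    0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D };

/* Check the 35 bytes left once the PKCS#1 padding is stripped. The exact
 * length test rejects trailing bytes; the digest compare is constant-time. */
int check_sha1_digestinfo(const u8 *di, size_t len, const u8 *want)
{
    u8 diff = 0;
    if (len != DI_LEN || memcmp(di, SHA1_PREFIX, PREFIX_LEN) != 0)
        return 0;
    for (size_t i = 0; i < SHA1_LEN; i++)
        diff |= di[PREFIX_LEN + i] ^ want[i];
    return diff == 0;
}

/* Same check on a raw block: 00 01 FF..FF (8+ bytes) 00 || DigestInfo. */
int check_raw_block(const u8 *em, size_t len, const u8 *want)
{
    size_t i = 2;
    if (len < 11 + DI_LEN || em[0] != 0x00 || em[1] != 0x01)
        return 0;
    while (i < len && em[i] == 0xFF) i++;
    if (i < 10 || i == len || em[i] != 0x00)
        return 0;
    return check_sha1_digestinfo(em + i + 1, len - i - 1, want);
}

int main(void)
{
    u8 em[256];                      /* constructed 2048-bit block */
    memset(em, 0xFF, sizeof em);
    em[0] = 0x00; em[1] = 0x01; em[sizeof em - DI_LEN - 1] = 0x00;
    memcpy(em + sizeof em - DI_LEN, SHA1_PREFIX, PREFIX_LEN);
    memcpy(em + sizeof em - SHA1_LEN, SAMPLE_DIGEST, SHA1_LEN);
    printf("raw block ok: %d\n", check_raw_block(em, sizeof em, SAMPLE_DIGEST));
    return 0;
}
```

A mismatch in the 20-byte tail with a correct prefix means the signature is well-formed but the digest was computed over different bytes than the signer hashed.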