Peter Djalaliev wrote: > Hello, > > Has anybody tried to verify under NSS the signature of data signed under > OpenSSL and vice versa? Assuming the same RSA public key (modulus and > public exponent) and the same signature algorithm (RSA signature with > PKCS#1 padding and SHA-1 message digest), we should be able to sign a > buffer of unsigned characters using calls from one library and verify > the signature using calls from the other library, right? > > I tried signing some data under OpenSSL and verifying the signature > under NSS, but it didn't seem to work. Here is what I did: > > 1) generated an RSA key pair with RSA_generate_keys() > 2) computed the message digest a string of unsigned characters with sha1() > 3) signed the digest with RSA_sign(). The message digest type I > specified was NID_sha1. > 4) wrote the RSA public key to a buffer in ther DER format with > i2d_RSAPublicKey
I'm not familiar with the OpenSSL code, so I don't know if the functions and digest types you specified result in the use of PKCS#1 v1.5 block formatting of the signature, or not. Do you? If your code is causing the bare SHA1 digest to be input to the RSA private key operation, without being PKCS#1 encoded first, or without the hash algorithm OID being encoded with it, then that's the problem. > 5) copied the buffer containing the DER public key in a NSS SECItem object > 6) used that pbject to obtain a SECKEYPublicKey object with > SECKEY_ImportDERPublicKey() > 7) used the public key, the digest of the original data and the > signature produced by RSA_sign to verify the signature with > VFY_VerifyDigest() > The SECOidAlg tag I used with VFY_VerifyDigest() was > SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION. That all sounds right. My guess is that the value extracted from the RSA public key operation didn't have the right PKCS#1 format for a signature. But that's just a guess. > VFY_VerifyDigest return something other than SECSuccess. What value did PR_GetError return? It will be a negative number. Look it up at http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html > I didn't specify a wincx with VFY_VerifyDigest, I passed NULL instead of > the pointer. That's OK. > Does anybody have any ideas? I can post my code if anybody wants to > look at it... Use a source code debugger, and step through it, and see where it fails. You can start by setting a breakpoint in PORT_SetError, and observe the places where it gets called, not all of which will be fatal. The last call to it before VFY_VerifyDigest returns should tell you exactly what the problem is. > Thank you, > Peter > > P.S. What is the status of the netscape.public.mozzilla.crypto mailing > list? Is it officially closed? The posting from the administrator said > that we would receive an invitation to join this mailing list, but no > such invitation arrived. The newsgroup netscape.public.mozilla.crypto has been replaced by: news://news.mozilla.org:119/mozilla.dev.tech.crypto The mailing list mozilla-crypto@mozilla.org has been replaced by dev-tech-crypto@lists.mozilla.org -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
