On 2/8/14 6:50 PM, John W. O'Brien wrote: > Hello freebsd-ports@, > > I'm trying to build and maintain my own package repository and > understand how everything is put together in the process. Right now, I'm > having trouble understanding how the signatures are made and verified. > The following should illustrate both the problem I'm having and how I > think things are supposed to work. [...] > Testing the signature > --------------------- > > # cd /tmp/test > # tar xf /tmp/packages/digests.txz > # openssl dgst -verify /tmp/keys/repo.pub \ > -signature signature -sha256 digests > Verification Failure [...]
I think I found out why this doesn't work.
Inside pkg-repo(8), the code that actually generates the signature [0],
signs an ASCII-encoded, zero-terminated [1] representation of the SHA256
digest. I would guess that inside "openssl dgst ... -sha256 ..." the
signature generation and verification are operating on a SHA256 blob
(i.e. unterminated binary).
So, the next best way I've come up with to verify a repo by hand is this:
# openssl rsautl -pubin -inkey /tmp/keys/repo.pub \
-verify -in test_sig -asn1parse
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - 7d b0 d6 38 8c 0f 28 53-2a 76 40 4f d6 84 8f 24
}..8..(S*v@O...$
0010 - e5 0a a1 57 45 ec f1 31-14 aa d0 4c 9a d0 fc 17
...WE..1...L....
# sha256 -q digests
7db0d6388c0f28532a76404fd6848f24e50aa15745ecf13114aad04c9ad0fc17
I just visually compare the OCTET STRING to the digest.
[0] rsa_sign()
https://github.com/freebsd/pkg/blob/master/libpkg/rsa.c#L175
[2] sha256_hash()
https://github.com/freebsd/pkg/blob/master/libpkg/utils.c#L343
signature.asc
Description: OpenPGP digital signature
