QuasarApp / Qt-Secret

Simple encryption library supporting RSA and AES algorithms.
https://quasarapp.ddns.net:3031/docs/QuasarApp/Qt-Secret/latest/index.html
GNU Lesser General Public License v3.0

Verification of the message signature with RSA size > 2048 (4096, 8192) doesn't work correctly! Always returns false! #91

Status: Closed (xyzdelete closed 1 year ago)

xyzdelete commented 3 years ago

If you choose an RSA size greater than 2048, for example, 4098 or 8192, then after creating a signature, when verifying this signature with the public key, it always returns false (signature is false). I checked with RSA64, RSA128, RSA256, RSA512, RSA1024, RSA2048, and everything works as it should, i.e. if I sign with a private key of these sizes, then when checking with a public key, the truth is returned (signature is true) as it should. But if you select 4096 or 8192, it returns false. I looked a little at what happens in the debugger and it looks like the size is recognized, and even a signature is created, but for some reason the check returns false. Perhaps when rounding or something else, bits of information are lost, I do not know for sure. But nothing is said about a size limit of 2048, so this is most likely a bug. Or I'm missing something. I'm using Win10 x64, Qt 5.15.2 (MSVC 2019 64-bit compiler). I tested through the Qt-Secret-GUI application and also in my code, the result is identical.

EndrII commented 3 years ago

Thanks for your bug report. But I have bad news, because I do not have free time to fix this bug. Sorry.

xyzdelete commented 3 years ago

Well, at least you now know that there is a bug and the signature works with keys up to 2048 bits. Maybe someday in the future there will be a fix.

Benjamin-Loison commented 3 years ago

I personally don't have this problem, for instance with 4096 size in the "Signature and verification of the message signature." example (cf. README.md). Windows 10, Qt 6.1.1, MinGW 8.1.0 64-bit.

xyzdelete commented 3 years ago

Hm... Did you test it with the Qt-Secret-GUI application?

Benjamin-Loison commented 3 years ago

I just followed the instructions from the Include section of the README for qmake and used the "Signature and verification of the message signature." code from the README in one of my Qt projects, changing 2048 to 4096, and got "success".

xyzdelete commented 3 years ago

Hm... Maybe I am doing something wrong... I just rebuilt it. I ran the Qt-Secret GUI, generated the keys for 2048, everything works. Generated keys for 4096. Returns false. Windows 10, Qt 6.1.2, MinGW 8.1.0 64-bit.

But yeah, if I test it with the code from the README, but not with the GUI example, it works if I change the RSA size to 4096.

EndrII commented 1 year ago

Unfortunately. But I am dropping support for this library. See my new library for working with RSA and ECDSA: easyssl.