Open hermanclau opened 3 years ago
Mechanims CKM_SHA256_RSA_PKCS does following things:
if 1: from asn1crypto import algos data = algos.DigestInfo({"digest_algorithm": algos.DigestAlgorithm({"algorithm": "sha256","parameters": algos.Null()}),"digest": data_digest,}).dump() else: DigestInfo = { "MD5": (0x30,0x20,0x30,0x0C,0x06,0x08,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,0x05,0x00,0x04,0x10,), "SHA1": (0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14,), "SHA256":(0x30,0x31,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20,), "SHA384":(0x30,0x41,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30,), "SHA512":(0x30,0x51,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40,), } data = bytes(DigestInfo["SHA256"]) + data_digest
sig2 = private2.sign(data, mechanism=pkcs11.mechanisms.Mechanism.RSA_PKCS) sig2.hex()
I need to incrementally hash a ~10MB data file before generating a digital signature. To confirm the equivalency in signing with a specified algorithm, and hashing and signing separately, I ran the following test with dummy data payload. The resulting signatures are different, can you point out any mistakes in the usage?
Note: On a separate system with a 3rd party secure signing library, the generated signature matches that of the single operation below.