Closed lambdadog closed 4 years ago
I suspect that the openssl command is using the older PKCS1-v1.5 padding which is not implemented in Ironclad. Currently only no padding or PSS (PKCS1-v2.1) padding are supported.
If you do the PKCS1-v1.5 padding of the hash by hand and pass that to sign-message, it should work.
@glv2 I see, thank you, I'll test that and get back to the issue once that can be confirmed
Apparently the openssl command also doesn't sign the message directly. It first makes an ASN1 structure containing some metadata and the message, then the PKCS1-v1.5 padding is added and the padded ASN1 data is signed.
Something like:
```lisp
(defun add-openssl-padding (message modulus)
  ;; nbytes: size of the modulus in bytes
  (let* ((nbytes (ceiling (integer-length modulus) 8))
         ;; ASN.1 structure: algorithm identifier (OID + NULL) and the message
         (asn1-message (asn1:encode
                        (list (list :sequence
                                    (list :sequence
                                          (cons :object-identifier #(2 16 840 1 101 3 4 2 1))
                                          (list :null))
                                    (cons :octet-string message)))))
         (padding-length (- nbytes (length asn1-message)))
         (padding (make-array padding-length
                              :element-type '(unsigned-byte 8)
                              :initial-element #xff)))
    ;; PKCS1-v1.5 padding block: 00 01 FF ... FF 00
    (setf (aref padding 0) 0)
    (setf (aref padding 1) 1)
    (setf (aref padding (1- padding-length)) 0)
    (concatenate '(simple-array (unsigned-byte 8) (*))
                 padding
                 asn1-message)))
```
I think the added metadata (here #(2 16 840 1 101 3 4 2 1)) indicates what the message was hashed with (here SHA256), but I don't know what its format is.
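An added example, not part of the thread and not Ironclad or OpenSSL code: a standard-library Python sketch of the encoding discussed above, following EMSA-PKCS1-v1_5 from RFC 8017. It DER-encodes the same OID by hand to show its byte format, and it assumes the OCTET STRING carries the SHA-256 digest of the message. All function names are made up for this illustration.

```python
import hashlib

# OID 2.16.840.1.101.3.4.2.1 (id-sha256), the arcs from the comment above.
SHA256_OID = (2, 16, 840, 1, 101, 3, 4, 2, 1)


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_oid(arcs):
    """First two arcs share one octet (40*a + b); the rest are base-128."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def digest_info(digest, oid=SHA256_OID):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING }"""
    alg = der_tlv(0x30, der_oid(oid) + der_tlv(0x05, b""))
    return der_tlv(0x30, alg + der_tlv(0x04, digest))


def emsa_pkcs1_v15(message, modulus_bits):
    """EM = 00 01 FF..FF 00 || DigestInfo(SHA-256(message)), k bytes long."""
    k = (modulus_bits + 7) // 8
    t = digest_info(hashlib.sha256(message).digest())
    if k < len(t) + 11:  # RFC 8017 requires at least 8 bytes of FF
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def em_matches(em, message, modulus_bits):
    """Verifier side: re-encode and compare whole, never parse the padding."""
    return em == emsa_pkcs1_v15(message, modulus_bits)
```

Comparing the whole re-encoded block, as `em_matches` does, avoids the lenient padding parsers that have led to v1.5 signature forgery bugs in the past.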
I met the same problem and found a working solution by @dnaeon: http://dnaeon.github.io/rsassa-pkcs1-1_5-signature-common-lisp/
Hey @rayslava ,
You can grab the latest code here as well: https://github.com/dnaeon/cl-ssh-keys/blob/master/src/rfc8017.lisp
This may just be my own error, so please let me know if so, but I'm completely unable to get any signatures to verify using openssl dgst -verify.
I'm using asn1 to load the private key, using
and signing a file with
then copying the output of that and using
but it always returns "Verification Failure"
I've also tried
and
and have had no success with any of them.
This may just be personal error, so apologies if so, but as far as I can tell I'm doing this correctly.
Using CCL 1.11.5
Keys were generated with