[squeak-dev] Crypto RSAWithSHA1 sign

Denis Kudriashov dionisiydk at gmail.com
Thu Sep 23 09:10:10 UTC 2010


Thank you very much, Rob.

All is good.

2010/9/23 Rob Withers <reefedjib at gmail.com>

>  Denis,
>
> I found that when you join the "privateKey" bytes with the publicKey bytes
> it does nothing.  The "privateKey" bytes alone carry the public key with the
> private key.  The Der bytes result in a 9 element OrderedCollection and
> fields 2 and 3 are the exponent and modulus for the public key.
>
> So I run the following to get both keys:
>
>
> key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw
> Nt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYhATtvODR1nD/dl0JpFH7BLcD9
> NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZImTdErllmhzrTKT3YQIDAQAB
> AoGBALPQjogomii3hZHQ3QmLGLqtYhjZaBH4wSF3+IXONF+GMcRIklNZuuuGPKt/
> JjrUOh4fBqFJDuO3u+aXcx45MRMLVHuQIuUbegJXVS+rnxXI3I6I4SLBkoV7Jqn/
> J9T9biOXrzq/xN8XVJQm7zq/FXaHR6l+Wo50LaBj7llY+CMBAkEA8bfsbySseTbI
> D7tR/bytEz/DhQ1knKS3nFo83NYwDm7YcdGC+f0rQIUuS30lKApeoygBUiLOSs7K
> euxEi6wC0QJBAPGePI59Fc5alAivyTkYdV4sbIL+SL5oXEERRyezogEgRqCGJtyd
> MbnVviwREF4MiGTYQIIOx4aFrM/U4q9DL5ECQH+/QImMzEpTlXAbA74iFSZzMJYE
> +gN/WjqbxkbAPC2kj2e33ozYLB+xQ0JKJXT/5fw8jFYoZvZKS+CjNabLhcECQQDp
> bgrrToXGu1PRoKMzeiHKPfkIBUuaSZD3fA3WmYGmvNv/MhxRf70O4SW9xS6e7lTH
> uPV5sXWqzXLLx8zJrotBAkEAgAoiR+5uOW9CgfWkblJ/YIgGbLiLQoFNZbwxXDfr
> jcosTQvBjrc//rCnb2Pgm8QRGeN/CXKc9kKoWNqUQSYchQ=='.
>
>
> derKey := (Base64MimeConverter mimeDecodeToBytes: key64 readStream) contents.
>
> r := RSAPrivateKeyFileReader new.
> r decryptedBytes: derKey.
> publicKey := r asPublicKey.
> privateKey := r asPrivateKey.
> {publicKey. privateKey}
>
>
> Now I look at the publicKey you gave me and the 2 elements of an
> OrderedCollection.  The second element is a BitString and if you reach in and
> grab the bytes, they are also DER encoded.  So decode those and you get the
> exponent and modulus of the publicKey.  I wrote a class, attached, to process
> an RSA Public Key.  I used the code below to process it:
>
> key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
> ImTdErllmhzrTKT3YQIDAQAB'.
>
> derKey := (Base64MimeConverter mimeDecodeToBytes: key64 readStream) contents.
>
> r := RSAPublicKeyFileReader new.
> r bytes: derKey .
> publicKey := r asPublicKey .
>
> Thanks for the test!
>
> Cheers,
> Rob
>
>  *From:* Denis Kudriashov <dionisiydk at gmail.com>
> *Sent:* Thursday, September 23, 2010 3:33 AM
> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>
> And verification works well.
>
> I attach new tests.
>
> 2010/9/23 Denis Kudriashov <dionisiydk at gmail.com>
>
>> I found that when I join the private and public keys my code works well and I get
>> an RSAKey instance.
>>
>> I join it by:
>>
>> key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw
>> Nt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYhATtvODR1nD/dl0JpFH7BLcD9
>> NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZImTdErllmhzrTKT3YQIDAQAB
>> AoGBALPQjogomii3hZHQ3QmLGLqtYhjZaBH4wSF3+IXONF+GMcRIklNZuuuGPKt/
>> JjrUOh4fBqFJDuO3u+aXcx45MRMLVHuQIuUbegJXVS+rnxXI3I6I4SLBkoV7Jqn/
>> J9T9biOXrzq/xN8XVJQm7zq/FXaHR6l+Wo50LaBj7llY+CMBAkEA8bfsbySseTbI
>> D7tR/bytEz/DhQ1knKS3nFo83NYwDm7YcdGC+f0rQIUuS30lKApeoygBUiLOSs7K
>> euxEi6wC0QJBAPGePI59Fc5alAivyTkYdV4sbIL+SL5oXEERRyezogEgRqCGJtyd
>> MbnVviwREF4MiGTYQIIOx4aFrM/U4q9DL5ECQH+/QImMzEpTlXAbA74iFSZzMJYE
>> +gN/WjqbxkbAPC2kj2e33ozYLB+xQ0JKJXT/5fw8jFYoZvZKS+CjNabLhcECQQDp
>> bgrrToXGu1PRoKMzeiHKPfkIBUuaSZD3fA3WmYGmvNv/MhxRf70O4SW9xS6e7lTH
>> uPV5sXWqzXLLx8zJrotBAkEAgAoiR+5uOW9CgfWkblJ/YIgGbLiLQoFNZbwxXDfr
>> jcosTQvBjrc//rCnb2Pgm8QRGeN/CXKc9kKoWNqUQSYchQ==
>>
>> MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
>> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
>> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
>> ImTdErllmhzrTKT3YQIDAQAB'.
>>
>>
>> Why can't I read the public key separately?
>>
>> Best regards,
>> Denis
>>
>> 2010/9/23 Denis Kudriashov <dionisiydk at gmail.com>
>>
>>> Hello, Rob
>>>
>>> I attach the public key in PEM format (it corresponds to the private key in my
>>> test).
>>>
>>> I try to read it by:
>>>
>>> key64 :=
>>> 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
>>> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
>>> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
>>> ImTdErllmhzrTKT3YQIDAQAB'.
>>>
>>> derKey := (Base64MimeConverter mimeDecodeToBytes: key64 readStream) contents.
>>>
>>> r := RSAPrivateKeyFileReader new.
>>> r decryptedBytes: derKey .
>>> publicKey := r asPublicKey .
>>>
>>> and the last line raises an error.
>>>
>>> What do you think about this?
>>>
>>> 2010/9/22 Denis Kudriashov <dionisiydk at gmail.com>
>>>
>>>> Yes, I have the public key and started testing verification, but I ran into a
>>>> problem and stopped for today.
>>>> I can't read the public key instance from DER bytes (I have a PEM-formatted
>>>> public key file) in the same way as I read the private key instance (by
>>>> "aRSAPrivateKeyFileReader asPublicKey").
>>>>
>>>> I think I will send you my results tomorrow.
>>>>
>>>> 2010/9/22 Rob Withers <reefedjib at gmail.com>
>>>>
>>>>> Denis,
>>>>>
>>>>> One other thing.  Do you have the publicKey for that privateKey you
>>>>> used in the test case?  We should really be checking the verification step
>>>>> as well.
>>>>>
>>>>> Thanks,
>>>>> Rob
>>>>>
>>>>>  *From:* Denis Kudriashov <dionisiydk at gmail.com>
>>>>> *Sent:* Wednesday, September 22, 2010 9:51 AM
>>>>>  *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>   *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>
>>>>> Hello, Rob.
>>>>>
>>>>> I found the solution. VW helped me very much.
>>>>>
>>>>> Your changes are almost right.
>>>>>
>>>>> The method SHA1 class>>digestInfoAsn1DerEncodingFromMessage: is good and
>>>>> placed right. But the method RSAPrivateKey>>v15SignMessageHash: is wrong:
>>>>>
>>>>> RSAPrivateKey>>v15SignMessageHash: encodedMsg
>>>>>
>>>>>     | padded toBeSigned |
>>>>>     padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
>>>>>     toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
>>>>>     ^ (self crypt: toBeSigned asInteger) asByteArray.
>>>>>
>>>>> I examined what happens in the VW code (it works well, like Java). And now I
>>>>> have this version:
>>>>>
>>>>> v15SignMessageHash: encodedMsg
>>>>>
>>>>>     | int emLen |
>>>>>
>>>>>     emLen := (p * q) digitLength -1.
>>>>>
>>>>>     int := LargePositiveInteger basicNew: emLen.
>>>>>     " Our LargeIntegers are little endian, so we have to reverse the bytes"
>>>>>     encodedMsg with: (encodedMsg size to: 1 by: -1) do: [:each :index |
>>>>>         int basicAt: index put: each].
>>>>>     int basicAt: encodedMsg size + 1 put: 0.
>>>>>
>>>>>     encodedMsg size + 2 to: emLen - 1 do: [ :ind | int basicAt: ind put: 255].
>>>>>     int basicAt: emLen put: 1.
>>>>>
>>>>>     ^ (self crypt: int) asByteArray.
>>>>>
>>>>>
>>>>> This gives me the same results as Java and VW.
>>>>>
>>>>> I attach this method and an acceptance test for it.
>>>>>
>>>>>
>>>>>
>>>>> 2010/9/21 Rob Withers <reefedjib at gmail.com>
>>>>>
>>>>>>  Denis,
>>>>>>
>>>>>> It looks like I missed step 2 on page 38.  I am not prepending the
>>>>>> AlgorithmIdentifier and producing the DER encoding of the DigestInfo prior
>>>>>> to padding and encrypting.  I implemented it in the attached changeset.
>>>>>> Please load this and test for me.
>>>>>>
>>>>>> Note that it requires either all of Cryptography from the Cryptography
>>>>>> repository loaded, or all of CryptoBase and CryptoCerts from the inbox.  The
>>>>>> digest requires ASN1 encoding framework which is in the certificate package.
>>>>>>
>>>>>> Rob
>>>>>>
>>>>>>
>>>>>>
>>>>>>  *From:* Rob Withers <reefedjib at gmail.com>
>>>>>> *Sent:* Tuesday, September 21, 2010 12:31 PM
>>>>>>   *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>> *Cc:* Squeak Crypto <cryptography at lists.squeakfoundation.org>
>>>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>>
>>>>>> Denis,
>>>>>>
>>>>>> I do not know why I was looking at PKCS#11.  The RSA spec is PKCS#1.
>>>>>> In that document (
>>>>>> ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) on page 25
>>>>>> it says:
>>>>>>
>>>>>> "Two signature schemes with appendix are specified in this document:
>>>>>> RSASSA-PSS and RSASSA-PKCS1-v1_5."
>>>>>>
>>>>>> I implemented v1_5.  It may be that Java is using PSS.  I may have
>>>>>> implemented v1.5 wrong.  The signature creation and verification algorithms
>>>>>> start on page 30.  The encoding is on 35.
>>>>>>
>>>>>> Rob
>>>>>>
>>>>>>  *From:* Rob Withers <reefedjib at gmail.com>
>>>>>> *Sent:* Tuesday, September 21, 2010 12:06 PM
>>>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>> *Cc:* Squeak Crypto <cryptography at lists.squeakfoundation.org>
>>>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>>
>>>>>> Hi Denis,
>>>>>>
>>>>>> I originally wrote the v15 signature methods in April of 2007.  I am
>>>>>> currently trying to download the PKCS#11 V2.30 doc to verify, but IIRC
>>>>>> there is more than one signature algorithm defined for RSA.  I don't recall
>>>>>> why I chose v15.  Perhaps Java is using another RSA signature function.
>>>>>>
>>>>>> There are no explicit tests for this signature.  There is a test
>>>>>> inside of the CryptoX509Test
>>>>>> (#verifySHA1WithRSAEncryptionFromParentCertificate: ), but it isn't used as
>>>>>> the certificate that exposed it has expired and so is failing.  I removed
>>>>>> that certificate test.
>>>>>>
>>>>>> Let's talk bytes...the way this works in Squeak is that the RSA pads
>>>>>> the SHA1 hashed message and encrypts it.
>>>>>>
>>>>>> v15SignMessage: aMessage
>>>>>>
>>>>>>  ^ self v15SignMessageHash: (SHA1 hashMessage: aMessage).
>>>>>>
>>>>>> and
>>>>>>
>>>>>> v15SignMessageHash: encodedMsg
>>>>>>
>>>>>>  | padded toBeSigned |
>>>>>>  padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
>>>>>>  toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
>>>>>>  ^ (self crypt: toBeSigned asInteger) asByteArray.
>>>>>>
>>>>>> Presumably the #crypt: function will be the same in Java and Squeak
>>>>>> given the same key.  So if there are 2 different signature functions in RSA,
>>>>>> I would suspect that the padding would be different.
>>>>>>
>>>>>> Still trying to download the spec....
>>>>>>
>>>>>> What do you think?
>>>>>>
>>>>>> Cheers,
>>>>>> Rob
>>>>>>
>>>>>>  *From:* Denis Kudriashov <dionisiydk at gmail.com>
>>>>>> *Sent:* Tuesday, September 21, 2010 11:21 AM
>>>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>> *Subject:* [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> Does somebody use Cryptography for RSA with SHA1 digital signatures?
>>>>>>
>>>>>> I am trying to get the same result as I have in a Java program.
>>>>>> I have an RSA private key as a Smalltalk object. It has the same values as the Java
>>>>>> private key object.
>>>>>>
>>>>>> But the code
>>>>>>
>>>>>> privateKey v15SignMessage: message asByteArray.
>>>>>>
>>>>>> returns the wrong result. It differs from the working Java test.
>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20100923/b501431e/attachment.htm
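
The encoding fix worked out in the thread (DigestInfo built before padding, and padding sized from the modulus instead of a fixed 256 bytes), as an added Python example that is not code from the thread or from the Squeak Cryptography package. The toy key made of two Mersenne primes is constructed for the demonstration and is not secure; all function names are illustrative.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-1 (PKCS #1 v2.1, section 9.2 notes);
# the 20-byte digest follows it directly.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def modulus_len(n):
    """Length k of the modulus in bytes."""
    return (n.bit_length() + 7) // 8

def emsa_pkcs1_v15_sha1(message, k):
    """EM = 0x00 || 0x01 || PS || 0x00 || DigestInfo, exactly k bytes long."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:                      # PS must be at least 8 bytes
        raise ValueError("modulus too short for SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(message, n, d):
    """RSASSA-PKCS1-v1_5 signature, returned as k big-endian bytes."""
    k = modulus_len(n)
    em = int.from_bytes(emsa_pkcs1_v15_sha1(message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")

def verify(message, signature, n, e):
    """Recompute the expected encoding and compare, rather than parsing EM."""
    k = modulus_len(n)
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15_sha1(message, k))

# Constructed toy key: two Mersenne primes, trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
```

For a 1024-bit modulus k is 128, so PS is 90 bytes of 0xFF; a padding length computed from a fixed 256 only fits a 2048-bit modulus.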
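
Why the public key could not be read with the private-key reader, as an added Python example that is not code from the thread or from the Squeak Cryptography package: a PKCS #1 RSAPrivateKey is a SEQUENCE of nine INTEGERs, while the PEM public key is a two-element SEQUENCE whose BIT STRING wraps a second DER structure. The toy key, the sample encodings and all function names are constructed for illustration.

```python
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        items.append((tag, value))
    return items

def rsa_public_numbers(der):
    """Return (format, modulus, public_exponent) for either key encoding."""
    tag, body, _ = read_tlv(der)
    items = children(body) if tag == 0x30 else []
    if len(items) == 9 and all(t == 0x02 for t, _ in items):
        # PKCS #1 RSAPrivateKey: version, n, e, d, p, q, dP, dQ, qInv
        kind, n, e = "RSAPrivateKey", items[1][1], items[2][1]
    elif len(items) == 2 and items[0][0] == 0x30 and items[1][0] == 0x03:
        # SubjectPublicKeyInfo: BIT STRING = unused-bits byte + DER RSAPublicKey
        inner = children(read_tlv(items[1][1][1:])[1])
        kind, n, e = "SubjectPublicKeyInfo", inner[0][1], inner[1][1]
    else:
        raise ValueError("not an RSA key in either encoding")
    return kind, int.from_bytes(n, "big"), int.from_bytes(e, "big")

def tlv(tag, value):
    """Encode one short-form DER element (only used to build the samples)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def der_int(i):
    return tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

# Constructed toy key (p=61, q=53), far too small for real use.
P, Q, E = 61, 53, 17
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
PRIVATE_DER = tlv(0x30, b"".join(map(der_int, [0, N, E, D, P, Q, D % (P - 1), D % (Q - 1), pow(Q, -1, P)])))
PUBLIC_DER = tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + tlv(0x30, der_int(N) + der_int(E))))
```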

