DigitalSignatureAlgorithm Errors

Laurence Rozier laurence.rozier at gmail.com
Wed Aug 9 20:43:23 UTC 2006


Thanks Ron. I'm doing this in the 3.8. Under WinXP, when I follow your steps
exactly, the result of the verify is false. To be clear, when I generate the
keyset with:

keys := DigitalSignatureAlgorithm generateKeySet.

I'm asked if I want to generate the random seed from sound input and I
respond yes. I get what appears to be a valid keyset. Then I sign the phrase
'hello'

DigitalSignatureAlgorithm sign: 'hello' privateKey: keys first.  And got a
signature:
and after entering a long string, I get what appears to be a valid
signature.  However, when I send verify:isSignatureOf:publicKey: the result
is false.

I'm going to try under 3.9 this evening and will let you know.

When you sign-up at Amazon Web
Services<http://developer.amazonwebservices.com>,
you are given an access id which is public and AWS generates the 40
character alphanumeric secret key to be used to sign a SHA1 hash that is
passed in with requests. This method is used for all AWS services that
require authentication<http://www.amazon.com/gp/browse.html/104-9568167-8639133?redirect=true&ie=UTF8&node=15850061>
.
`
Laurence

On 8/9/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
>
>  Hi Laurence,
>
>
>
> I'm not sure I understand what it is you are doing.  Can you tell me what
> version you are using?  I checked the error you reported on my windows XP
> system but as you said it works on windows.  There is little I can do about
> OS/X.  But the examples you sighted also use random typed in characters
> instead.  There are others solutions such as SecureRandom available at:
> www.squeaksource.com/Cryptography  we can talk about that if we get past
> this first part.
>
>
>
> I tried an example (I'm in Squeak 3.9b-7051) and it appears to be working
> fine.  Here's what I did.
>
>
>
> First I generated a key set.
>
>
>
> keys := DigitalSignatureAlgorithm generateKeySet.
>
>
>
> Here is the set I got.
>
>
>
> #(#(11634065363621815767637298292695842594730176052067637773680192524455869230234173758150452925415401529778606418101117414536443374158088844168026367876825953
> 1375050214541076916535442310710144083780809418779
> 920725864083239042384763588357726013524708007928670717057302077747624160900068797037078329489496608106957529640438460571120920055161304057825269023490861
> 1115914113083931179608861092566623278044302408799)
> #(11634065363621815767637298292695842594730176052067637773680192524455869230234173758150452925415401529778606418101117414536443374158088844168026367876825953
> 1375050214541076916535442310710144083780809418779
> 920725864083239042384763588357726013524708007928670717057302077747624160900068797037078329489496608106957529640438460571120920055161304057825269023490861
> 3955661015744856694707104263792232810044012932353264459926493154700610520372070161850876172559264752858509825362513967683454046220684740679273580024936255))
>
>
>
> Don't use this key set since it is now public.
>
>
>
> Then I signed a message: 'hello' with the first key
>
>
>
> DigitalSignatureAlgorithm sign: 'hello' privateKey: keys first.  And got a
> signature:
>
> '[DSA digital signature 54804CFBDB9D12EA008D7C56D46FED9EB118CA0E
> 834CCB8563F5B863B8041D20F2C6D9C89E120DF3]'
>
>
>
> So if you send the message along with the public key (keys last) then they
> can verify the signature with:
>
>
>
> DigitalSignatureAlgorithm verify:
>
> '[DSA digital signature 54804CFBDB9D12EA008D7C56D46FED9EB118CA0E
> 834CCB8563F5B863B8041D20F2C6D9C89E120DF3]' isSignatureOf: 'hello' publicKey:
> keys last
>
>
>
> For me this came out as true.
>
>
>
> Now I'm not sure what the 40 characters from Amazon are.  The number of
> characters does not make someone think of key.  It could be a message that
> you are supposed to sign and send back, a secret message if you will.  That
> way they can verify your signature since supposedly only you and they know
> the 40 byte message.  You would send back the signature and not the message,
> since they know what it is already.  Still that's just a guess.  Maybe
> someone else that works with Amazon can tell us.
>
>
>
> I hope that helps.
>
>
>
> Happy coding!
>
>
>
> Ron Teitelbaum
>
> Squeak Cryptography Team Leader
>
>
>
>
>   ------------------------------
>
> *From:* squeak-dev-bounces at lists.squeakfoundation.org [mailto:
> squeak-dev-bounces at lists.squeakfoundation.org] *On Behalf Of *Laurence
> Rozier
> *Sent:* Wednesday, August 09, 2006 12:54 PM
> *To:* The general-purpose Squeak developers list
> *Subject:* DigitalSignatureAlgorithm Errors
>
>
>
> Hi,
>
> My goal is to be able sign messages for Amazon Web Services and initially
> I ran into the issue of how the secret key is represented. DSA expects the
> key to be part of a 4 element array, but what I have from Amazon is a single
> 40 character string. This is a new domain for me so I decided to first make
> sure I could use/understand the implementation as it. However, class methods
> such as example and timeDecode: fail with:
>
> ERROR! Signature verification failed
>
> I reimplemented the examples using generateKeySet instead of testKeySet
> but still get the same failures. Also when I tried to use
> initRandomNonInteractively to prevent having to constantly type in long
> strings, Squeak crashed under OS/X(works fine under windows). Apparently
> SoundService>>randomBitsFromSoundInput: is the culprit(I've reported this on
> Mantis). Can anyone point me to working examples?
>
> TIA,
>
> Laurence
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20060809/4bf6227c/attachment.htm


More information about the Squeak-dev mailing list