[squeak-dev] Crypto RSAWithSHA1 sign

Denis Kudriashov dionisiydk at gmail.com
Thu Sep 23 07:20:15 UTC 2010 

I found when I join private and public keys my code work good and I get
RSAKey instance.

I join it by:

key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw
Nt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYhATtvODR1nD/dl0JpFH7BLcD9
NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZImTdErllmhzrTKT3YQIDAQAB
AoGBALPQjogomii3hZHQ3QmLGLqtYhjZaBH4wSF3+IXONF+GMcRIklNZuuuGPKt/
JjrUOh4fBqFJDuO3u+aXcx45MRMLVHuQIuUbegJXVS+rnxXI3I6I4SLBkoV7Jqn/
J9T9biOXrzq/xN8XVJQm7zq/FXaHR6l+Wo50LaBj7llY+CMBAkEA8bfsbySseTbI
D7tR/bytEz/DhQ1knKS3nFo83NYwDm7YcdGC+f0rQIUuS30lKApeoygBUiLOSs7K
euxEi6wC0QJBAPGePI59Fc5alAivyTkYdV4sbIL+SL5oXEERRyezogEgRqCGJtyd
MbnVviwREF4MiGTYQIIOx4aFrM/U4q9DL5ECQH+/QImMzEpTlXAbA74iFSZzMJYE
+gN/WjqbxkbAPC2kj2e33ozYLB+xQ0JKJXT/5fw8jFYoZvZKS+CjNabLhcECQQDp
bgrrToXGu1PRoKMzeiHKPfkIBUuaSZD3fA3WmYGmvNv/MhxRf70O4SW9xS6e7lTH
uPV5sXWqzXLLx8zJrotBAkEAgAoiR+5uOW9CgfWkblJ/YIgGbLiLQoFNZbwxXDfr
jcosTQvBjrc//rCnb2Pgm8QRGeN/CXKc9kKoWNqUQSYchQ==
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.


Why I cant read public key separetelly?

Best regards,
Denis

2010/9/23 Denis Kudriashov <dionisiydk at gmail.com>

> Hello, Rob
>
> I attatch public key in pem format (it corresponds private key in my test).
>
> I try read it by:
>
> key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
> ImTdErllmhzrTKT3YQIDAQAB'.
>
> derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream )
> contents.
>
> r := RSAPrivateKeyFileReader new.
> r decryptedBytes: derKey .
> publicKey := r asPublicKey .
>
> and last line raise error.
>
> What you think about this?
>
> 2010/9/22 Denis Kudriashov <dionisiydk at gmail.com>
>
> Yes, I have public key and start test verification but I faced in some
>> problem and stopped for today.
>> I can't read public key instance from der bytes (I have pem formated
>> public key file) by same way as I read private key instance (by
>> "aRSAPrivateKeyFileReader asPublicKey").
>>
>> I think tomorrow I send you my results.
>>
>> 2010/9/22 Rob Withers <reefedjib at gmail.com>
>>
>>  Denis,
>>>
>>> One other thing.  Do you have the publicKey for that privateKey you used
>>> in the test case?  We should really be checking the verification step as
>>> well.
>>>
>>> Thanks,
>>> Rob
>>>
>>>  *From:* Denis Kudriashov <dionisiydk at gmail.com>
>>> *Sent:* Wednesday, September 22, 2010 9:51 AM
>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>
>>> Hello, Rob.
>>>
>>> I found solution. VW help me very much.
>>>
>>> Your changes almost right.
>>>
>>> method SHA1 class>>digestInfoAsn1DerEncodingFromMessage: is good and
>>> placed right. But method RSAPrivateKey>>v15SignMessageHash: is wrong:
>>>
>>> RSAPrivateKey>>v15SignMessageHash: encodedMsg
>>>
>>>     | padded toBeSigned |
>>>     padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
>>>     toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0)
>>> asByteArray, encodedMsg.
>>>     ^ (self crypt: toBeSigned asInteger) asByteArray.
>>>
>>> I examine what happen in VW code (it is work good like java). And now I
>>> have this version:
>>>
>>> v15SignMessageHash: encodedMsg
>>>
>>>     | int emLen |
>>>
>>>     emLen := (p * q) digitLength -1.
>>>
>>>     int := LargePositiveInteger basicNew: emLen.
>>>     " Our LargeIntegers are little endian, so we have to reverse the
>>> bytes"
>>>     encodedMsg with: (encodedMsg size to: 1 by: -1) do: [:each :index |
>>>         int basicAt: index put: each].
>>>     int basicAt: encodedMsg size + 1 put: 0.
>>>
>>>     encodedMsg size + 2 to: emLen - 1 do: [ :ind | int basicAt: ind put:
>>> 255].
>>>     int basicAt: emLen put: 1.
>>>
>>>     ^ (self crypt: int) asByteArray.
>>>
>>>
>>> This is give me results same as java and VW.
>>>
>>> I attach this method and acceptence test for it.
>>>
>>>
>>>
>>> 2010/9/21 Rob Withers <reefedjib at gmail.com>
>>>
>>>>  Denis,
>>>>
>>>> I looks like I missed step 2 on page 38.  I am not preappending the
>>>> AlgorithmIndentifier and producing the DER encoding of the DigestInfo prior
>>>> to padding and encrypting.  I implemented it in the attached changeset.
>>>> Please load this and test for me.
>>>>
>>>> Note that it requires either all of Cryptography from the Cryptography
>>>> repository loaded, or all of CryptoBase and CryptoCerts from the inbox.  The
>>>> digest requires ASN1 encoding framework which is in the certificate package.
>>>>
>>>> Rob
>>>>
>>>>
>>>>
>>>>  *From:* Rob Withers <reefedjib at gmail.com>
>>>> *Sent:* Tuesday, September 21, 2010 12:31 PM
>>>>   *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>> *Cc:* Squeak Crypto <cryptography at lists.squeakfoundation.org>
>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>
>>>> Denis,
>>>>
>>>> I do not know why I was looking at PKCS#11.  THe RSA spec is PKCS#1.  In
>>>> that document (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf)
>>>> on page 25 it says:
>>>>
>>>> "Two signature schemes with appendix are specified in this document:
>>>> RSASSA-PSS and RSASSA-PKCS1-v1_5."
>>>>
>>>> I implemented v1_5.  It may be that Java is using PSS.  I may have
>>>> implemented v1.5 wrong.  The signature creation and verification algorithms
>>>> start on page 30.  The encoding is on 35.
>>>>
>>>> Rob
>>>>
>>>>  *From:* Rob Withers <reefedjib at gmail.com>
>>>> *Sent:* Tuesday, September 21, 2010 12:06 PM
>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>> *Cc:* Squeak Crypto <cryptography at lists.squeakfoundation.org>
>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>
>>>> Hi Denis,
>>>>
>>>> I originally wrote the v15 signature methods in April of 2007.  I am
>>>> currently trying to download the PKCS#11 V2.30 doc to verify, but IIRC
>>>> there are more than one signature algorithm defined for RSA.  I don't recall
>>>> why I chose v15.  Perhaps Java is using another RSA signature function.
>>>>
>>>> There are no explicit tests for this signature.  There is a test inside
>>>> of the CryptoX509Test  (#verifySHA1WithRSAEncryptionFromParentCertificate:
>>>> ), but it isn't used as the certificate that exposed it has expired and so
>>>> is failing.  I removed that certificate test.
>>>>
>>>> Let's talk bytes...the way this works in Squeak is that the RSA pads the
>>>> SHA1 hashed message and encrypts it.
>>>>
>>>> v15SignMessage: aMessage
>>>>
>>>>  ^ self v15SignMessageHash: (SHA1 hashMessage: aMessage).
>>>> and
>>>>
>>>> v15SignMessageHash: encodedMsg
>>>>
>>>>  | padded toBeSigned |
>>>>  padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
>>>>  toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0)
>>>> asByteArray, encodedMsg.
>>>>  ^ (self crypt: toBeSigned asInteger) asByteArray.
>>>> Presumably the #crypt: function will be the same in Java and Squeak
>>>> given the same key.  So if there are 2 different signature functions in RSA,
>>>> I would suspect that the padding would be different.
>>>>
>>>> Still trying to download the spec....
>>>>
>>>> What do you think?
>>>>
>>>> Cheers,
>>>> Rob
>>>>
>>>>  *From:* Denis Kudriashov <dionisiydk at gmail.com>
>>>> *Sent:* Tuesday, September 21, 2010 11:21 AM
>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>> *Subject:* [squeak-dev] Crypto RSAWithSHA1 sign
>>>>
>>>> Hello
>>>>
>>>> Is somebody use Cryptography for RSA with SHA1 digital signature?
>>>>
>>>> I try do same result as I hava in java programm
>>>> I have rsa private key as smalltalk object. It has same values as java
>>>> private key object.
>>>>
>>>> But code
>>>>
>>>> privateKey v15SignMessage: message asByteArray  .
>>>>
>>>> returns me wrong result. Its differ from java working test
>>>>
>>>> ------------------------------
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>  ------------------------------
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20100923/3b3d9c36/attachment.htm

More information about the Squeak-dev mailing list