[squeak-dev] Crypto RSAWithSHA1 sign
Denis Kudriashov
dionisiydk at gmail.com
Thu Sep 23 09:10:10 UTC 2010
Thank you very much, Rob.
All is good.
2010/9/23 Rob Withers <reefedjib at gmail.com>
> Denis,
>
> I found that when you join the "privateKey" bytes with the publicKey bytes
> it does nothing. The "privateKey" bytes alone carry the public key with the
> private key. The Der bytes result in a 9 element OrderedCollection and
> fields 2 and 3 are the exponent and modulus for the public key.
>
> So I run the following to get both keys:
>
>
> key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw
> Nt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYhATtvODR1nD/dl0JpFH7BLcD9
> NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZImTdErllmhzrTKT3YQIDAQAB
> AoGBALPQjogomii3hZHQ3QmLGLqtYhjZaBH4wSF3+IXONF+GMcRIklNZuuuGPKt/
> JjrUOh4fBqFJDuO3u+aXcx45MRMLVHuQIuUbegJXVS+rnxXI3I6I4SLBkoV7Jqn/
> J9T9biOXrzq/xN8XVJQm7zq/FXaHR6l+Wo50LaBj7llY+CMBAkEA8bfsbySseTbI
> D7tR/bytEz/DhQ1knKS3nFo83NYwDm7YcdGC+f0rQIUuS30lKApeoygBUiLOSs7K
> euxEi6wC0QJBAPGePI59Fc5alAivyTkYdV4sbIL+SL5oXEERRyezogEgRqCGJtyd
> MbnVviwREF4MiGTYQIIOx4aFrM/U4q9DL5ECQH+/QImMzEpTlXAbA74iFSZzMJYE
> +gN/WjqbxkbAPC2kj2e33ozYLB+xQ0JKJXT/5fw8jFYoZvZKS+CjNabLhcECQQDp
> bgrrToXGu1PRoKMzeiHKPfkIBUuaSZD3fA3WmYGmvNv/MhxRf70O4SW9xS6e7lTH
> uPV5sXWqzXLLx8zJrotBAkEAgAoiR+5uOW9CgfWkblJ/YIgGbLiLQoFNZbwxXDfr
> jcosTQvBjrc//rCnb2Pgm8QRGeN/CXKc9kKoWNqUQSYchQ=='.
>
>
> derKey := (Base64MimeConverter mimeDecodeToBytes: key64 readStream )
> contents.
>
> r := RSAPrivateKeyFileReader new.
> r decryptedBytes: derKey.
> publicKey := r asPublicKey.
> privateKey := r asPrivateKey.
> {publicKey. privateKey}
>
>
> Now I look at the publicKey you gave me and the 2 elements of an
> OrderedCollection. The second element is a BitString and if you reach in and
> grab the bytes, they are also DER encoded. So decode those and you get the
> exponent and modulus of the publicKey. I wrote a class attached to process
> an RSA Public Key. I used the code below to process it:
>
> key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
> ImTdErllmhzrTKT3YQIDAQAB'.
>
> derKey := (Base64MimeConverter mimeDecodeToBytes: key64 readStream )
> contents.
>
> r := RSAPublicKeyFileReader new.
> r bytes: derKey .
> publicKey := r asPublicKey .
>
> Thanks for the test!
>
> Cheers,
> Rob
>
> *From:* Denis Kudriashov <dionisiydk at gmail.com>
> *Sent:* Thursday, September 23, 2010 3:33 AM
> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>
> And verification works well.
>
> I attach new tests.
>
> 2010/9/23 Denis Kudriashov <dionisiydk at gmail.com>
>
>> I found that when I join the private and public keys, my code works well and I get
>> an RSAKey instance.
>>
>> I join them by:
>>
>> key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw
>> Nt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYhATtvODR1nD/dl0JpFH7BLcD9
>> NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZImTdErllmhzrTKT3YQIDAQAB
>> AoGBALPQjogomii3hZHQ3QmLGLqtYhjZaBH4wSF3+IXONF+GMcRIklNZuuuGPKt/
>> JjrUOh4fBqFJDuO3u+aXcx45MRMLVHuQIuUbegJXVS+rnxXI3I6I4SLBkoV7Jqn/
>> J9T9biOXrzq/xN8XVJQm7zq/FXaHR6l+Wo50LaBj7llY+CMBAkEA8bfsbySseTbI
>> D7tR/bytEz/DhQ1knKS3nFo83NYwDm7YcdGC+f0rQIUuS30lKApeoygBUiLOSs7K
>> euxEi6wC0QJBAPGePI59Fc5alAivyTkYdV4sbIL+SL5oXEERRyezogEgRqCGJtyd
>> MbnVviwREF4MiGTYQIIOx4aFrM/U4q9DL5ECQH+/QImMzEpTlXAbA74iFSZzMJYE
>> +gN/WjqbxkbAPC2kj2e33ozYLB+xQ0JKJXT/5fw8jFYoZvZKS+CjNabLhcECQQDp
>> bgrrToXGu1PRoKMzeiHKPfkIBUuaSZD3fA3WmYGmvNv/MhxRf70O4SW9xS6e7lTH
>> uPV5sXWqzXLLx8zJrotBAkEAgAoiR+5uOW9CgfWkblJ/YIgGbLiLQoFNZbwxXDfr
>> jcosTQvBjrc//rCnb2Pgm8QRGeN/CXKc9kKoWNqUQSYchQ==
>>
>> MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
>> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
>> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
>> ImTdErllmhzrTKT3YQIDAQAB'.
>>
>>
>> Why can't I read the public key separately?
>>
>> Best regards,
>> Denis
>>
>> 2010/9/23 Denis Kudriashov <dionisiydk at gmail.com>
>>
>> Hello, Rob
>>>
>>> I attach the public key in PEM format (it corresponds to the private key in my
>>> test).
>>>
>>> I try to read it by:
>>>
>>> key64 :=
>>> 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
>>> vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
>>> ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
>>> ImTdErllmhzrTKT3YQIDAQAB'.
>>>
>>> derKey := (Base64MimeConverter mimeDecodeToBytes: key64 readStream )
>>> contents.
>>>
>>> r := RSAPrivateKeyFileReader new.
>>> r decryptedBytes: derKey .
>>> publicKey := r asPublicKey .
>>>
>>> and the last line raises an error.
>>>
>>> What do you think about this?
>>>
>>> 2010/9/22 Denis Kudriashov <dionisiydk at gmail.com>
>>>
>>> Yes, I have the public key and started to test verification, but I faced a
>>>> problem and stopped for today.
>>>> I can't read a public key instance from DER bytes (I have a PEM-formatted
>>>> public key file) in the same way as I read a private key instance (by
>>>> "aRSAPrivateKeyFileReader asPublicKey").
>>>>
>>>> I think I will send you my results tomorrow.
>>>>
>>>> 2010/9/22 Rob Withers <reefedjib at gmail.com>
>>>>
>>>> Denis,
>>>>>
>>>>> One other thing. Do you have the publicKey for that privateKey you
>>>>> used in the test case? We should really be checking the verification step
>>>>> as well.
>>>>>
>>>>> Thanks,
>>>>> Rob
>>>>>
>>>>> *From:* Denis Kudriashov <dionisiydk at gmail.com>
>>>>> *Sent:* Wednesday, September 22, 2010 9:51 AM
>>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>
>>>>> Hello, Rob.
>>>>>
>>>>> I found a solution. VW helped me very much.
>>>>>
>>>>> Your changes are almost right.
>>>>>
>>>>> The method SHA1 class>>digestInfoAsn1DerEncodingFromMessage: is good and
>>>>> placed right. But the method RSAPrivateKey>>v15SignMessageHash: is wrong:
>>>>>
>>>>> RSAPrivateKey>>v15SignMessageHash: encodedMsg
>>>>>
>>>>> | padded toBeSigned |
>>>>> padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
>>>>> toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0)
>>>>> asByteArray, encodedMsg.
>>>>> ^ (self crypt: toBeSigned asInteger) asByteArray.
>>>>>
>>>>> I examined what happens in the VW code (it works well, like Java). And now I
>>>>> have this version:
>>>>>
>>>>> v15SignMessageHash: encodedMsg
>>>>>
>>>>> | int emLen |
>>>>>
>>>>> emLen := (p * q) digitLength -1.
>>>>>
>>>>> int := LargePositiveInteger basicNew: emLen.
>>>>> " Our LargeIntegers are little endian, so we have to reverse the
>>>>> bytes"
>>>>> encodedMsg with: (encodedMsg size to: 1 by: -1) do: [:each :index |
>>>>> int basicAt: index put: each].
>>>>> int basicAt: encodedMsg size + 1 put: 0.
>>>>>
>>>>> encodedMsg size + 2 to: emLen - 1 do: [ :ind | int basicAt: ind
>>>>> put: 255].
>>>>> int basicAt: emLen put: 1.
>>>>>
>>>>> ^ (self crypt: int) asByteArray.
>>>>>
>>>>>
>>>>> This gives me the same results as Java and VW.
>>>>>
>>>>> I attach this method and an acceptance test for it.
>>>>>
>>>>>
>>>>>
>>>>> 2010/9/21 Rob Withers <reefedjib at gmail.com>
>>>>>
>>>>>> Denis,
>>>>>>
>>>>>> It looks like I missed step 2 on page 38. I am not prepending the
>>>>>> AlgorithmIdentifier and producing the DER encoding of the DigestInfo prior
>>>>>> to padding and encrypting. I implemented it in the attached changeset.
>>>>>> Please load this and test for me.
>>>>>>
>>>>>> Note that it requires either all of Cryptography from the Cryptography
>>>>>> repository loaded, or all of CryptoBase and CryptoCerts from the inbox. The
>>>>>> digest requires ASN1 encoding framework which is in the certificate package.
>>>>>>
>>>>>> Rob
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Rob Withers <reefedjib at gmail.com>
>>>>>> *Sent:* Tuesday, September 21, 2010 12:31 PM
>>>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>> *Cc:* Squeak Crypto <cryptography at lists.squeakfoundation.org>
>>>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>>
>>>>>> Denis,
>>>>>>
>>>>>> I do not know why I was looking at PKCS#11. The RSA spec is PKCS#1.
>>>>>> In that document (
>>>>>> ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) on page 25
>>>>>> it says:
>>>>>>
>>>>>> "Two signature schemes with appendix are specified in this document:
>>>>>> RSASSA-PSS and RSASSA-PKCS1-v1_5."
>>>>>>
>>>>>> I implemented v1_5. It may be that Java is using PSS. I may have
>>>>>> implemented v1.5 wrong. The signature creation and verification algorithms
>>>>>> start on page 30. The encoding is on 35.
>>>>>>
>>>>>> Rob
>>>>>>
>>>>>> *From:* Rob Withers <reefedjib at gmail.com>
>>>>>> *Sent:* Tuesday, September 21, 2010 12:06 PM
>>>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>> *Cc:* Squeak Crypto <cryptography at lists.squeakfoundation.org>
>>>>>> *Subject:* Re: [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>>
>>>>>> Hi Denis,
>>>>>>
>>>>>> I originally wrote the v15 signature methods in April of 2007. I am
>>>>>> currently trying to download the PKCS#11 V2.30 doc to verify, but IIRC
>>>>>> there is more than one signature algorithm defined for RSA. I don't recall
>>>>>> why I chose v15. Perhaps Java is using another RSA signature function.
>>>>>>
>>>>>> There are no explicit tests for this signature. There is a test
>>>>>> inside of the CryptoX509Test
>>>>>> (#verifySHA1WithRSAEncryptionFromParentCertificate: ), but it isn't used as
>>>>>> the certificate that exposed it has expired and so is failing. I removed
>>>>>> that certificate test.
>>>>>>
>>>>>> Let's talk bytes...the way this works in Squeak is that the RSA pads
>>>>>> the SHA1 hashed message and encrypts it.
>>>>>>
>>>>>> v15SignMessage: aMessage
>>>>>>
>>>>>> ^ self v15SignMessageHash: (SHA1 hashMessage: aMessage).
>>>>>> and
>>>>>>
>>>>>> v15SignMessageHash: encodedMsg
>>>>>>
>>>>>> | padded toBeSigned |
>>>>>> padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
>>>>>> toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0)
>>>>>> asByteArray, encodedMsg.
>>>>>> ^ (self crypt: toBeSigned asInteger) asByteArray.
>>>>>>
>>>>>> Presumably the #crypt: function will be the same in Java and Squeak
>>>>>> given the same key. So if there are 2 different signature functions in RSA,
>>>>>> I would suspect that the padding would be different.
>>>>>>
>>>>>> Still trying to download the spec....
>>>>>>
>>>>>> What do you think?
>>>>>>
>>>>>> Cheers,
>>>>>> Rob
>>>>>>
>>>>>> *From:* Denis Kudriashov <dionisiydk at gmail.com>
>>>>>> *Sent:* Tuesday, September 21, 2010 11:21 AM
>>>>>> *To:* The general-purpose Squeak developers list<squeak-dev at lists.squeakfoundation.org>
>>>>>> *Subject:* [squeak-dev] Crypto RSAWithSHA1 sign
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> Is anybody using Cryptography for RSA with SHA1 digital signatures?
>>>>>>
>>>>>> I am trying to get the same result as I have in a Java program.
>>>>>> I have an RSA private key as a Smalltalk object. It has the same values as the Java
>>>>>> private key object.
>>>>>>
>>>>>> But the code
>>>>>>
>>>>>> privateKey v15SignMessage: message asByteArray .
>>>>>>
>>>>>> returns the wrong result. It differs from the working Java test.
>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20100923/b501431e/attachment.htm
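
The two key layouts discussed in this thread, as an added Python example (not code from the thread or from the Squeak Cryptography package): a PKCS#1 RSAPrivateKey is a flat SEQUENCE of 9 INTEGERs, while the posted public key is a SubjectPublicKeyInfo whose BIT STRING wraps a second DER structure. The function names and the toy private key are assumptions made for illustration; the public key is the one posted above.

```python
import base64
# Public key exactly as posted in the thread (X.509 SubjectPublicKeyInfo).
SPKI_B64 = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox"
    "vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh"
    "ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ"
    "ImTdErllmhzrTKT3YQIDAQAB"
)
# Constructed toy PKCS#1 RSAPrivateKey (p=61, q=53), only to show the layout.
TOY_PKCS1 = bytes.fromhex(
    "301d020100" "02020ca1" "020111" "02020ac1"
    "02013d" "020135" "020135" "020131" "020126"
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(seq_value):
    """Split the contents of a SEQUENCE into a list of (tag, value)."""
    out, pos = [], 0
    while pos < len(seq_value):
        tag, val, pos = read_tlv(seq_value, pos)
        out.append((tag, val))
    return out

def rsa_public_numbers(der):
    """Return (modulus, exponent) from either key layout discussed above."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    items = children(body)
    if len(items) == 9 and all(t == 0x02 for t, _ in items):
        # PKCS#1 RSAPrivateKey: version, n, e, d, p, q, dP, dQ, qInv
        ints = items[1:3]
    elif len(items) == 2 and items[1][0] == 0x03:
        # SubjectPublicKeyInfo: BIT STRING = unused-bits byte + nested DER
        _, inner, _ = read_tlv(items[1][1][1:], 0)
        ints = children(inner)
    else:
        raise ValueError("unrecognised RSA key layout")
    return tuple(int.from_bytes(v, "big") for _, v in ints[:2])
```

Feeding the SubjectPublicKeyInfo bytes to a reader that expects the 9-integer layout fails at the first branch, which is the error reported for `RSAPrivateKeyFileReader` in the thread.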