Archived Forum Post

Question:

RSA Sign problem compared to openssl sign....

Dec 31 '13 at 11:50

Hi,

I work with the RSA encrypt on SQL to create a sign key, and now I found a problem: one among 133 signatures of documents is reported as not correct. Comparing it to an openssl signature of the same string to encode gives a different result, and I cannot figure out why.

This is serious because the documents are sent to the Portugal tax system and cannot have errors of this kind.

When I try to validate the openssl signature it says it is ok.

This is the string to encode:

 '2013-01-30;2013-01-30T12:20:58;NUMF 1/130117;3201.44;uq9KiaRYiWsUuFL/zCz4/m1JHZkp3drVyKR+VshhuorMRg/hIwa7oAxQROQtwAQxcsOt8fuS+kXvrmeHzSVnnnpnXA3xTrhugvpkuz85ZrtHljAwqxDLlscMHmxTzBFuJxTyKVQ5gzz7WJGqRYz3U96ATKER/mX5E2ZPRPLVfyg='
This is the SQL used:

--CREATE PROC SP_Vendas_GeraChaveDocumento
declare @DadosAEncriptar nvarchar(4000), @Hash nvarchar(200), @Versao int
select @DadosAEncriptar='2013-01-30;2013-01-30T12:20:58;NUMF 1/130117;3201.44;uq9KiaRYiWsUuFL/zCz4/m1JHZkp3drVyKR+VshhuorMRg/hIwa7oAxQROQtwAQxcsOt8fuS+kXvrmeHzSVnnnpnXA3xTrhugvpkuz85ZrtHljAwqxDLlscMHmxTzBFuJxTyKVQ5gzz7WJGqRYz3U96ATKER/mX5E2ZPRPLVfyg='

DECLARE @hr int, @sTmp0 nvarchar(4000), @success int, @pkeyXml nvarchar(4000), @rsa int

-- Initialise the private key version
SELECT @Versao = 1

-- Initialise the private key in XML format
SELECT @pkeyXml = N'<RSAKeyValue><Modulus>6SnPpnuwThJwwxhsD8j2wqYm8Y5gSw62y0peXOkYiMZQj/1vhc0a93fEg9hoi3amDYL6B/uavJeByan8WsifdPbsIJ1lCKRtyUI3iI8LuRfAZhuwxxmW2b4F79s4VQCwPFpKrQ0sj9GpRW56dLcGZLdgjXjNPhQWJxaDduZWkfs=</Modulus><Exponent>AQAB</Exponent><P>+nZKx75rnijBdVclAGAEHA7wvwQRQAaxSC6V0GEAbQUJKpkGpq9514mRdZ4kM2+Zq3YaBNtMnnUK90hoPAtA5Q==</P><Q>7lGaCCOLWa2JCzBUc4Z4Vds/W7gGsPSYf/I76jz+O0E+op3x5jsTklTp1uawg8dWxacY1nPOcbJ1mL5v+vS5Xw==</Q><DP>Pt3mU1DGroJIXO2syfVP0sMlRqz8r3d+lEGtNQrEEplK/bg/ZSNyj9ll+4HgUFDY36LbURDCoJt8TymLkFa6yQ==</DP><DQ>K/t1YPEmY5uKQj1eKJ/1j2rSK5wv5/KMPni3JAizpr3o0Fwz65iViRkQuu+CPh/I3Nt00wc2X3dfCpyC0B7gIw==</DQ><InverseQ>uaPWPpV1nnKwHfzMJAcBXuHOFrqsfvKa3hzxDoEhJh9ICRi8YIdEC2PjbV6BqJaZJ0LL1EXWELjslBUAS9HWFg==</InverseQ><D>GvmJWnto1D9x6EBFEDZxxecvDjcokMZtA2vhKuKUwg4fd+kcI+CsxACJLa+1uJzLbTi/8Hh9WGA21bvixCX9vHPgYULPbRYImNOTqMu9LR0KgUjvBeyuwqLyFOA0utSTvYUsyG8mM90KKwRuxEn2GD+gvzUFSMvFqmJYvIsQe5E=</D></RSAKeyValue>'

-- Create the object for hashing and RSA encryption
EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUTPUT
IF @hr <> 0
BEGIN
    RAISERROR('Failed to create ActiveX component.', 10, 1)
    RETURN
END

-- Any string argument automatically begins the 30-day trial.
EXEC sp_OAMethod @rsa, 'UnlockComponent', @success OUTPUT, ''
IF @success <> 1
BEGIN
    EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUTPUT
    RAISERROR(@sTmp0, 10, 1)
    RETURN
END

-- Import the private key into the RSA object just created
EXEC sp_OAMethod @rsa, 'ImportPrivateKey', @success OUTPUT, @pkeyXml
IF @success <> 1
BEGIN
    EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUTPUT
    RAISERROR(@sTmp0, 10, 1)
    RETURN
END

-- Set the RSA object's LittleEndian property to big-endian
EXEC sp_OASetProperty @rsa, 'LittleEndian', 0
-- EXEC sp_OASetProperty @rsa, 'Charset', 'ansi'

-- Set the RSA object's EncodingMode property to base64
EXEC sp_OASetProperty @rsa, 'EncodingMode', 'base64'

-- Compute the hash with SHA-1, then encrypt the hash
--EXEC sp_OAMethod @rsa, 'OpenSslSignStringENC', @HASH OUTPUT, @DadosAEncriptar--, 'SHA-1'
EXEC sp_OAMethod @rsa, 'SignStringENC', @Hash OUTPUT, @DadosAEncriptar, 'SHA-1'

select @Hash
This returns the key:

 D7X/hHY8Eo6rQkgqCYXaaTUzV6U34WyRJnns+NcSb/zvOMYJ2Sjs/hX8JBepZXcyunfRnkwFvtCVAQmojyus0VOdbHW8Iosc6H86MjGTCX3wlMFvqcsZ3YnaQLUvEbzKejazce6bKFW+4WdUL0lBiq/kscNiJ73jmP5SLtsd0w==

and openssl returns:

 AA+1/4R2PBKOq0JIKgmF2mk1M1elN+FskSZ57PjXEm/87zjGCdko7P4V/CQXqWV3Mrp30Z5MBb7QlQEJ
qI8rrNFTnWx1vCKLHOh/OjIxkwl98JTBb6nLGd2J2kC1LxG8yno2s3HumyhVvuFnVC9JQYqv5LHDYie9
45j+Ui7bHdM=

Can anyone help on this strange case? Thanks
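
Decoding the two Base64 values quoted in the question shows that the SQL output is 127 bytes, the openssl output is 128 bytes, and the openssl value is the SQL value preceded by a single 0x00 byte. The Python check below is an added example, not part of the original thread or of Chilkat's code: it compares the two values as integers and left-pads the short one to the modulus length, which is the fixed-length encoding that I2OSP in RFC 8017 prescribes for signatures. The function names are hypothetical; the constants are copied from the question.

```python
import base64

# Constants copied from the question; function names are hypothetical.
MODULUS_B64 = "6SnPpnuwThJwwxhsD8j2wqYm8Y5gSw62y0peXOkYiMZQj/1vhc0a93fEg9hoi3amDYL6B/uavJeByan8WsifdPbsIJ1lCKRtyUI3iI8LuRfAZhuwxxmW2b4F79s4VQCwPFpKrQ0sj9GpRW56dLcGZLdgjXjNPhQWJxaDduZWkfs="
SQL_SIG_B64 = "D7X/hHY8Eo6rQkgqCYXaaTUzV6U34WyRJnns+NcSb/zvOMYJ2Sjs/hX8JBepZXcyunfRnkwFvtCVAQmojyus0VOdbHW8Iosc6H86MjGTCX3wlMFvqcsZ3YnaQLUvEbzKejazce6bKFW+4WdUL0lBiq/kscNiJ73jmP5SLtsd0w=="
OPENSSL_SIG_B64 = (
    "AA+1/4R2PBKOq0JIKgmF2mk1M1elN+FskSZ57PjXEm/87zjGCdko7P4V/CQXqWV3Mrp30Z5MBb7QlQEJ"
    "qI8rrNFTnWx1vCKLHOh/OjIxkwl98JTBb6nLGd2J2kC1LxG8yno2s3HumyhVvuFnVC9JQYqv5LHDYie9"
    "45j+Ui7bHdM="
)


def to_int(b64_text):
    """Decode Base64 and read the bytes as a big-endian integer."""
    return int.from_bytes(base64.b64decode(b64_text), "big")


def normalize_signature(sig_b64, modulus_b64):
    """Re-encode a signature as exactly k bytes, k = modulus length (I2OSP).

    An encoder that emits the minimal big-endian form drops the top byte
    when it is zero, so the output is k-1 bytes and a fixed-length verifier
    rejects it even though the integer itself is the correct signature.
    """
    n = to_int(modulus_b64)
    k = (n.bit_length() + 7) // 8
    s = to_int(sig_b64)
    if s >= n:
        raise ValueError("signature is not smaller than the modulus")
    return base64.b64encode(s.to_bytes(k, "big")).decode("ascii")


def compare(sig_a_b64, sig_b_b64, modulus_b64):
    """Summarise how two encodings of a signature relate to each other."""
    return {
        "modulus_bytes": (to_int(modulus_b64).bit_length() + 7) // 8,
        "len_a": len(base64.b64decode(sig_a_b64)),
        "len_b": len(base64.b64decode(sig_b_b64)),
        "same_integer": to_int(sig_a_b64) == to_int(sig_b_b64),
        "a_padded": normalize_signature(sig_a_b64, modulus_b64),
    }


if __name__ == "__main__":
    for name, value in compare(SQL_SIG_B64, OPENSSL_SIG_B64, MODULUS_B64).items():
        print(f"{name}: {value}")
```

A signature's leading byte is zero for a small fraction of messages, on the order of one in 256, so a length check against the modulus size on every generated signature catches the case before a document is submitted.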


Answer

Please format this post in a more readable way using "<pre>" tags.


Answer

Formatted as advised, thanks.


Answer

Make sure you are using the very latest version of the Chilkat RSA ActiveX (v9.4.0). Examine the LastErrorText property after any method call to verify that this is the case. Check to make sure the "DllDate" line within the LastErrorText is a date from Dec. 2012 and not earlier.


Answer

How do you verify the hash code generated with the public key? Which method should I use?