login about faq

OK, here's a fairly straightforward issue.

I have an RSA public key (public_key) and private key (private_key), and a source text (string). When I call this from Objective-C:

rsa.EncodingMode = @"hex";
rsa.LittleEndian = NO;
[rsa ImportPrivateKey: private_key];
NSString *signed_string = [rsa SignStringENC: string hashAlg: @"MD2"];

...I get a signature of the string. If I then call this in Objective-C:

rsa.EncodingMode = @"hex";
rsa.LittleEndian = NO;
[rsa ImportPublicKey: public_key];
[rsa VerifyStringEnc: string hashAlg: @"MD2" sig: signature]

...I get YES: the string verifies fine.

However, if I pass the public key, the string, and the signature to Python and then call this:

self.rsa_object.put_LittleEndian(False) 
self.rsa_object.EncodingMode = 'hex'
self.rsa_object.ImportPublicKey(public_key)
rsa.VerifyStringENC(string, 'MD2', signature)

...I get False: the string fails to verify.

When I dump the LastErrorText from each verify function, I find that Objective-C and Python are using different signature lengths. When using a 1,024-bit RSA key, Objective-C reports a 128-bit signature, and Python reports a 192-bit signature. Similarly, when using a 2,048-bit RSA key, Objective-C reports a 256-bit signature, and Python reports a 384-bit signature.

I've verified that the three parameters are identical for each call of VerifyStringENC on each side.

Here's the Objective-C LastErrorText:

VerifyStringENC:
    DllDate: Dec 12 2012
    Architecture: Little Endian; 64-bit
    Language: Cocoa Objective-C
    VerboseLogging: 0
    signature: 0055A84C1F6E7904620CCDFABD1D4B640B4CEEAB11F1B28BC58257A167D09404C575EE11A56D0AD8A1BEE48A2F591A9ADD1D57A2446D222226083E62BBE22E367A672779BA765E06145457AD8AAD6AEE94AE0ADDF5B76F957D224404C275176095C5A1AE1E423C6CE0BE10A472390583073C219456AB2C490B03E065252C09954BB27901264F68AC5AB8B7C83D686A6142A53274A6F6136524B9D72A0D10A9A429F822EEDA0CCDCB8966E70EA2DBDB6A62FEDBD0538530C904F419E0038F0008187B40E352C4ED6C658ADA1B2997013B6BA0F34C6D82D57098AC459B6C685670932D35CA41E66F44A244BF5E1C438547F116235DA86AD5D9925580B8604FA05A
    HashAlgorithm: MD2
    DataSize: 34
    SignatureSize: 256
    HashSize: 16
    HashBytes: 7A4D E389 E368 89C8 5C47 4AE6 2EE4 B7EF
    Using PKCS 1.5 decoding
    verifyHash:
        RSA_verify:
            KeyType: Public
            HashInSize: 16
            Padding: PKCS v1.5
            HashOid: 1.2.840.113549.2.2
        --RSA_verify
        Success.
    --verifyHash
--VerifyStringENC

And here's the Python LastErrorText:

VerifyStringENC:
    DllDate: Dec 12 2012
    Architecture: Little Endian; 32-bit
    Language: Linux C/C++
    VerboseLogging: 0
    signature: 0055A84C1F6E7904620CCDFABD1D4B640B4CEEAB11F1B28BC58257A167D09404C575EE11A56D0AD8A1BEE48A2F591A9ADD1D57A2446D222226083E62BBE22E367A672779BA765E06145457AD8AAD6AEE94AE0ADDF5B76F957D224404C275176095C5A1AE1E423C6CE0BE10A472390583073C219456AB2C490B03E065252C09954BB27901264F68AC5AB8B7C83D686A6142A53274A6F6136524B9D72A0D10A9A429F822EEDA0CCDCB8966E70EA2DBDB6A62FEDBD0538530C904F419E0038F0008187B40E352C4ED6C658ADA1B2997013B6BA0F34C6D82D57098AC459B6C685670932D35CA41E66F44A244BF5E1C438547F116235DA86AD5D9925580B8604FA05A
    HashAlgorithm: MD2
    DataSize: 34
    SignatureSize: 384
    HashSize: 16
    HashBytes: 7A4D E389 E368 89C8 5C47 4AE6 2EE4 B7EF
    Using PKCS 1.5 decoding
    verifyHash:
        RSA_verify:
            KeyType: Public
            HashInSize: 16
            Padding: PKCS v1.5
            Invalid RSA input value
            Invalid RSA input value
            Modular exponentiation failed.
        --RSA_verify
    --verifyHash
    Retry with PSS decoding...
    verifyHash:
        RSA_verify:
            KeyType: Public
            HashInSize: 16
            Padding: OAEP
            HashAlg: MD2
            Invalid RSA input value
            Invalid RSA input value
            Modular exponentiation failed.
        --RSA_verify
    --verifyHash
    Failed.
--VerifyStringENC

It seems to be impossible to alter the signature size parameter. I'm not even sure where it's coming from; it seems independent of the actual actual size of the signature (which is 512 bytes on each platform).

The same result happens if OaepPadding is set to YES/True on each side, and if different hashing algorithms are used (SHA-1, SHA-256, etc.)

The signature size seems to be totally out of my control. It only seems to depend on the RSA key length, which changes the signature size proportionally for both platforms.

Any ideas? Thanks...

asked Jun 03 '13 at 00:52

sfsdfd's gravatar image

sfsdfd
1133

edited Jun 03 '13 at 00:59


Something seems amiss with the Python version. I'll post a download link for a new build ASAP...

link

answered Jun 04 '13 at 14:12

chilkat's gravatar image

chilkat ♦♦
11.8k316358420

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×47
×34
×21
×18

Asked: Jun 03 '13 at 00:52

Seen: 1,819 times

Last updated: Jun 04 '13 at 18:15

powered by OSQA