On Tuesday, June 30, 2020 at 1:28:41 PM UTC-4, Phil Atkin wrote:
>
> I currently use the following command to sign a short message:
>
> openssl pkeyutl -sign -in message -inkey privateKey.pem -out
> signedMessage
>
> I am trying to use CryptoPP to verify and recover this message (using the
> public key). Note that this openssl command does not generate or use a
> digest; it signs the original message. This may be undesirable but I need
> my implementation to work with messages that have already been signed in
> this way.
>
> If I use
> RSA::PrivateKey privateKey;
> privateKey.Load(FileSource("privateKey", true, NULL, true
> /*binary*/).Ref());
> RSASS<PSSR, SHA1>::Signer signer(privateKey);
>
> ... then I can sign a message but the output is different for every run.
> The openssl command above always gives the same output, and I need CryptoPP
> to reproduce this. I think this is to do with the hash function (digest)
> that CryptoPP is including (as per convention) and that I can't work out
> how to exclude.
>
> Similarly, if I try to use a RSASS<PSSR, SHA1>::Verifier to do a
> RecoverMessage on the output of openssl (which is my ultimate goal), the
> verification fails.
>
> Is there a way to define a Verifier that does not expect to find a hash
> value?
>
https://crypto.stackexchange.com/questions/6515/are-rsa-signatures-deterministic
OpenSSL is using PKCS#1, which is deterministic. PKCS#1 is the old way of
doing things. Also see
https://blog.cryptographyengineering.com/2012/06/21/bad-couple-of-years-for-cryptographic/
and https://www.openssl.org/docs/man1.0.2/man1/pkeyutl.html.
In Crypto++ you are using a randomized signature scheme via PSS in PSSR.
PSS is "probabilistic signature scheme" and the "R" indicates recovery.
PSSR is the new way of doing things.
Randomized signature schemes always produce a different signature on the
same message because the padding is randomized. Or if it does not, then
there's something wrong with the implementation.
Also see https://www.cryptopp.com/wiki/RSA_Signature_Schemes
Jeff
--
You received this message because you are subscribed to "Crypto++ Users". More
information about Crypto++ and this group is available at
http://www.cryptopp.com and
http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/cryptopp-users/6ca8e0d9-3ed0-4b64-9a0e-f3c7fefd8f1fo%40googlegroups.com.
