I cannot get RSA-encrypted messages which I generate using Perl's
Crypt::OpenSSL::RSA to decrypt using the openssl command-line tool in
Mac OS X. May be something easy/stupid since I am a new openssl user.
I believe that the problem is in the ENcrypting because the signatures
produced are different, even though they are using:
Same message
Same private key
Same padding (PKCS1)
Same digest (SHA1)
Both running on same Macintosh, presumably using the same
OpenSSL version 0.9.7l library.
Here are my commands/code and results, starting with the command-line:
###############################################################
# Create a private key
Jerrys-Mac-Mini: jk$ openssl genrsa -out Test248.private.pem
Generating RSA private key, 512 bit long modulus
.........++++++++++++
.............++++++++++++
e is 65537 (0x10001)
# Create signature of message "Bonehead" using the key in file
# Test248.private.pem, SHA1 digest and PKCS padding [1]:
Jerrys-Mac-Mini: jk$ echo -n "Bonehead" \
| openssl dgst -sha1 -binary\
| openssl rsautl -pkcs -sign -inkey Test248.private.pem -hexdump
0000 - 8a c6 56 19 97 f5 e7 16-20 30 f2 2f 0e af 7c 28   ..V..... 0./..|(
0010 - df 9d cd 5a 0e b0 11 c1-cc bb f2 3b 03 87 f0 96   ...Z.......;....
0020 - 0d ce b4 55 dc 69 81 bc-30 40 75 9d 74 b8 b7 bd   ...U.i..0@u.t...
0030 - 3b 15 a0 5d c2 db ab 9a-8d d3 f2 4b 77 e1 e9 a1   ;..].......Kw...
##############################################################
Now I try to create the same signature using a perl script:
##############################################################
#!/usr/local/bin/perl -w
use strict ;
use warnings ;
use Crypt::OpenSSL::Random ;
use Crypt::OpenSSL::RSA ;
# Read in the key file just created
my $private_key_string = "" ;
my $key_path = "/Users/jk/Documents/SheepSystems/Keys/Test248.private.pem" ;
# Stop early if the key file cannot be read
open (KEY_FILE, $key_path) or die "Cannot open $key_path: $!" ;
while (my $line = <KEY_FILE>) {
    $private_key_string .= $line ;
}
close(KEY_FILE);
print "Read key from file:\n$private_key_string\n" ;
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($private_key_string);
# Use same message, padding and digest as in the command-line test
my $msg = "Bonehead" ;
$rsa_priv->use_pkcs1_padding();
$rsa_priv->use_sha1_hash() ;
my $signature = $rsa_priv->sign($msg);
my $showHexSig = showHex($signature) ;
print "signature of 'Bonehead':\n$showHexSig\n" ;
# sub showHex is shown at the bottom of this message
##############################################################
Running the above script, I get this:
##############################################################
Read key from file:
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALE2d5DpKbYxfIqv+6jYnW6DDvDyJFCdQt+s432GQsy8+ymL9DOR
mPcRQfk1jas1pqtsy+GGUlYd4R1kxbBZb4UCAwEAAQJANqtw83ma7qQRoc9sucgp
uUAhSd/JqDz7tnllrQHQdcyLMRSCBxvZ/i72YVixRRTHb1GVZ79iJWBmzh8ATLvj
uQIhAOuYWu6Vkve+zQ4Cd5EGWpytY/Or/6ZXvQf3L9ELIB07AiEAwI+miVT8t22w
Ge1IX+Q3L7lK2uBm97Pkwix9Wf7K2j8CIFUrQtQ1ZmgBpgeGhMr8zQ0O8a9JYqYz
2bZjefnMV9O5AiEAqSrKLKYcKm1To0NhLNUKYoPPLkCsVPqWgruhGDoOLfMCIE1E
kpJF13Dtq3KQOsaCoXbL4vo350vkBUrSovu45/6p
-----END RSA PRIVATE KEY-----
signature of 'Bonehead':
64 bytes:
78 b3 43 22 4b 4b 86 7f 47 25 00 f1 62 a2 66 70
e6 7e 82 f2 7a b6 cf ff ab dd f1 8a ff 0d cf a1
b5 3d 60 dc ac 9f 6f 0c 83 b9 51 c9 ac fa 7d 15
0b cc 97 cf 99 e5 6b ee 41 f0 d1 35 a1 a0 c1 09
##############################################################
As you can see the two signatures are both 64 bytes long but do not
match.
What might I be missing?
Thanks very much,
Jerry Krinock
[1] The reason I used PKCS padding (-pkcs) is because if I change it
to -oaep in the command-line test, I get an error message:
RSA operation error
error:04066076:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:unknown padding type:rsa_eay.c:360:
which does not make sense because my version is:
Jerrys-Mac-Mini:Keys jk$ openssl
OpenSSL> version
OpenSSL 0.9.7l 28 Sep 2006
and "RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP()
were added in OpenSSL 0.9.2b" according to documentation: http://openssl.org/docs/crypto/RSA_padding_add_PKCS1_type_1.html#
[2]
sub showHex {
    my $data = shift ;
    use bytes ;
    my $len = length($data) ;
    my $i ;
    my $show = "" ;
    for ($i=0; $i<$len; $i++) {
        my $value = ord(substr($data, $i, 1)) ;
        $show .= " " ;
        $show .= sprintf("%02x", $value) ;
        if ((($i+1) % 16) == 0) {
            $show .= "\n" ;
        }
    }
    return "$len bytes:\n$show" ;
}
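
Added example, not part of the original post: PKCS #1 v1.5 signing is deterministic, so two different signatures from the same key mean two different padded blocks were signed. `openssl rsautl -sign` pads its input bytes as they are (here the bare 20-byte digest), while `sign()` in Crypt::OpenSSL::RSA goes through `RSA_sign()`, which first wraps the digest in an ASN.1 DigestInfo. The Python sketch below builds both blocks for a 64-byte modulus; its function names are illustrative.

```python
import hashlib

# Illustrative helper names; this is not code from the post or from OpenSSL.
# DER prefix of DigestInfo for SHA-1 as listed in PKCS #1 (15 bytes).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def pkcs1_type1_pad(payload: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || payload (k = modulus bytes)."""
    ps_len = k - 3 - len(payload)
    if ps_len < 8:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + payload


def em_raw_hash(msg: bytes, k: int) -> bytes:
    """Block signed when the bare SHA-1 digest is piped into rsautl -sign."""
    return pkcs1_type1_pad(hashlib.sha1(msg).digest(), k)


def em_digestinfo(msg: bytes, k: int) -> bytes:
    """Block signed by RSA_sign(): the digest wrapped in DigestInfo."""
    return pkcs1_type1_pad(SHA1_DIGESTINFO_PREFIX + hashlib.sha1(msg).digest(), k)


def classify(em: bytes) -> str:
    """Identify the payload of a recovered block (e.g. rsautl -verify -raw)."""
    if em[:2] != b"\x00\x01":
        return "not PKCS#1 type 1"
    sep = em.find(b"\x00", 2)  # first zero after the FF padding string
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "bad padding"
    payload = em[sep + 1:]
    if len(payload) == 35 and payload.startswith(SHA1_DIGESTINFO_PREFIX):
        return "DigestInfo(SHA-1)"
    if len(payload) == 20:
        return "bare 20-byte digest"
    return "other payload"


if __name__ == "__main__":
    k = 64  # 512-bit modulus, as in the post
    for em in (em_raw_hash(b"Bonehead", k), em_digestinfo(b"Bonehead", k)):
        print(classify(em), em.hex())
```

`openssl dgst -sha1 -sign Test248.private.pem` produces the DigestInfo form on the command line, and `openssl rsautl -verify -raw -hexdump` shows the padded block inside an existing signature for comparison with `classify()`.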