I cannot get RSA-encrypted messages which I generate using Perl's Crypt::OpenSSL::RSA to decrypt using the openssl command-line tool in Mac OS X. May be something easy/stupid since I am a new openssl user.

I believe that the problem is in the ENcrypting because the signatures produced are different, even though they are using:

   Same message
   Same private key
   Same padding (PKCS1)
   Same digest (SHA1)
   Both running on same Macintosh, presumably using the same
      OpenSSL version 0.9.7l library.

Here are my commands/code and results, starting with the command-line:

###############################################################
# Create a private key
Jerrys-Mac-Mini: jk$ openssl genrsa -out Test248.private.pem
Generating RSA private key, 512 bit long modulus
.........++++++++++++
.............++++++++++++
e is 65537 (0x10001)

# Create signature of message "Bonehead" using the key in file
# Test248.private.pem, SHA1 digest and PKCS padding [1]:

Jerrys-Mac-Mini: jk$ echo -n "Bonehead" \
 | openssl dgst -sha1 -binary\
 | openssl rsautl -pkcs -sign -inkey Test248.private.pem -hexdump
0000 - 8a c6 56 19 97 f5 e7 16-20 30 f2 2f 0e af 7c 28   ..V..... 0./..|(
0010 - df 9d cd 5a 0e b0 11 c1-cc bb f2 3b 03 87 f0 96   ...Z.......;....
0020 - 0d ce b4 55 dc 69 81 bc-30 40 75 9d 74 b8 b7 bd   ...U.i..0@u.t...
0030 - 3b 15 a0 5d c2 db ab 9a-8d d3 f2 4b 77 e1 e9 a1   ;..].......Kw...
##############################################################

Now I try to create the same signature using a perl script:

##############################################################
#!/usr/local/bin/perl -w

use strict ;
use warnings ;

use Crypt::OpenSSL::Random ;
use Crypt::OpenSSL::RSA ;

# Read in the key file just created
my $private_key_string = "" ;
my $key_path = "/Users/jk/Documents/SheepSystems/Keys/Test248.private.pem" ;
open (KEY_FILE, $key_path) or die "Cannot open $key_path: $!" ;
    while (my $line = <KEY_FILE>) {
        $private_key_string .= $line ;
    }
close(KEY_FILE);

print "Read key from file:\n$private_key_string\n" ;

my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($private_key_string);

# Use same message, padding and digest as in the command-line test
my $msg = "Bonehead" ;
$rsa_priv->use_pkcs1_padding();
$rsa_priv->use_sha1_hash() ;

my $signature = $rsa_priv->sign($msg);
my $showHexSig = showHex($signature) ;
print "signature of 'Bonehead':\n$showHexSig\n" ;

# sub showHex is shown at the bottom of this message
##############################################################

Running the above script, I get this:

##############################################################
Read key from file:
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALE2d5DpKbYxfIqv+6jYnW6DDvDyJFCdQt+s432GQsy8+ymL9DOR
mPcRQfk1jas1pqtsy+GGUlYd4R1kxbBZb4UCAwEAAQJANqtw83ma7qQRoc9sucgp
uUAhSd/JqDz7tnllrQHQdcyLMRSCBxvZ/i72YVixRRTHb1GVZ79iJWBmzh8ATLvj
uQIhAOuYWu6Vkve+zQ4Cd5EGWpytY/Or/6ZXvQf3L9ELIB07AiEAwI+miVT8t22w
Ge1IX+Q3L7lK2uBm97Pkwix9Wf7K2j8CIFUrQtQ1ZmgBpgeGhMr8zQ0O8a9JYqYz
2bZjefnMV9O5AiEAqSrKLKYcKm1To0NhLNUKYoPPLkCsVPqWgruhGDoOLfMCIE1E
kpJF13Dtq3KQOsaCoXbL4vo350vkBUrSovu45/6p
-----END RSA PRIVATE KEY-----

signature of 'Bonehead':
64 bytes:
 78 b3 43 22 4b 4b 86 7f 47 25 00 f1 62 a2 66 70
 e6 7e 82 f2 7a b6 cf ff ab dd f1 8a ff 0d cf a1
 b5 3d 60 dc ac 9f 6f 0c 83 b9 51 c9 ac fa 7d 15
 0b cc 97 cf 99 e5 6b ee 41 f0 d1 35 a1 a0 c1 09
##############################################################

As you can see the two signatures are both 64 bytes long but do not match.

What might I be missing?

Thanks very much,

Jerry Krinock

[1] The reason I used PKCS padding (-pkcs) is because if I change it to -oaep in the command-line test, I get an error message:
RSA operation error
error:04066076:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:unknown padding type:rsa_eay.c:360:
which does not make sense because my version is:
Jerrys-Mac-Mini:Keys jk$ openssl
OpenSSL> version
OpenSSL 0.9.7l 28 Sep 2006
and "RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were added in OpenSSL 0.9.2b" according to documentation: http://openssl.org/docs/crypto/RSA_padding_add_PKCS1_type_1.html#

[2]
sub showHex {
    my $data = shift ;
    use bytes ;
    my $len = length($data) ;
    my $i ;
    my $show = "" ;
    for ($i=0; $i<$len; $i++) {
        my $value = ord(substr($data, $i, 1)) ;
        $show .= " " ;
        $show .= sprintf("%02x", $value) ;
        if ((($i+1) % 16) == 0) {
            $show .= "\n" ;
        }
    }

    return "$len bytes:\n$show" ;
}

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
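An added example, not part of the original post or of either tool's code: it builds the two PKCS#1 v1.5 blocks that the two signing paths in the message would hand to the RSA operation, one padding the bare SHA-1 digest (as in the `dgst -binary | rsautl -sign -pkcs` pipeline) and one padding the digest wrapped in an ASN.1 DigestInfo header. It assumes that `sign()` in Crypt::OpenSSL::RSA follows OpenSSL's RSA_sign() and produces the DigestInfo form. The key is a constructed toy key, and all function names are hypothetical.

```python
import hashlib

# DER DigestInfo header for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def pad_type1(payload: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 signature block: 00 01 FF..FF 00 || payload, k bytes long."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload

def em_bare_digest(msg: bytes, k: int) -> bytes:
    """Block formed when a raw SHA-1 digest is piped into `rsautl -sign -pkcs`."""
    return pad_type1(hashlib.sha1(msg).digest(), k)

def em_digestinfo(msg: bytes, k: int) -> bytes:
    """Block formed by RSA_sign()-style APIs: DigestInfo header, then digest."""
    return pad_type1(SHA1_PREFIX + hashlib.sha1(msg).digest(), k)

def classify(em: bytes) -> str:
    """Name the payload of a block recovered with the public key."""
    sep = em.find(b"\x00", 2)  # first zero after the FF padding run
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "not PKCS#1 type 1"
    payload = em[sep + 1:]
    if len(payload) == 20:
        return "bare SHA-1 digest"
    if len(payload) == 35 and payload.startswith(SHA1_PREFIX):
        return "DigestInfo(SHA-1)"
    return "unknown payload"

# Constructed toy key from two Mersenne primes: insecure, illustration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def rsa_private(em: bytes) -> bytes:
    """Textbook RSA private-key operation on an already padded block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def rsa_public(sig: bytes) -> bytes:
    """Textbook RSA public-key operation; recovers the padded block."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

if __name__ == "__main__":
    for build in (em_bare_digest, em_digestinfo):
        sig = rsa_private(build(b"Bonehead", K))
        print(build.__name__, sig.hex()[:16] + "...", "->", classify(rsa_public(sig)))
```

On the command line, `openssl dgst -sha1 -sign Test248.private.pem` signs the DigestInfo form, whereas `rsautl -sign` pads whatever bytes it is given.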
