On Fri, Apr 17, 2009, Rodrigo Canellas wrote: > Hi! > > > > I am trying to use 'RSA_verify' to verify a signature, but I am getting the > error "67567722", which is translated to: "error:0407006A:rsa > routines:RSA_padding_check_PKCS1_type_1:block type is not 01". > > > > When I use 'openssl pkcs7 -in TEST_KEY.RSA -print_certs -text -noout -inform > DER', I get: > " > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > a7:01:33:46:d1:d9:e3:d0 > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA > Certificate/emailaddress=rcanel...@tqtvd.com > Validity > Not Before: Feb 3 13:50:52 2009 GMT > Not After : Feb 3 13:50:52 2010 GMT > Subject: C=BR, ST=RJ, O=TQTVD, OU=Test, CN=Astro Test Certificate > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e: > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93: > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64: > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd: > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22: > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab: > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92: > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df: > 75:26:6b:21:72:ec:ae:6e:9b > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > Netscape Comment: > OpenSSL Generated Certificate > X509v3 Subject Key Identifier: > AF:2D:B9:4E:87:03:CD:53:90:BF:C5:BE:1C:BC:6A:4B:F2:86:67:D8 > X509v3 Authority Key Identifier: > > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10 > > > > Signature Algorithm: sha1WithRSAEncryption > 06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93: > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a: > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02: > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6: > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21: > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be: > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47: > 6e:99 > > > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > a7:01:33:46:d1:d9:e3:cf > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA > Certificate/emailaddress=rcanel...@tqtvd.com > Validity > Not Before: Feb 3 13:15:26 2009 GMT > Not After : Feb 3 13:15:26 2012 GMT > Subject: C=BR, ST=RJ, O=TQTVD, OU=Development, CN=Astro Root CA > Certificate/emailaddress=rcanel...@tqtvd.com > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:a9:f9:f8:70:d7:aa:a2:16:83:59:69:11:af:f8: > dc:6d:f2:0b:e1:b1:39:12:90:4c:28:e2:24:da:8b: > 49:78:3c:97:2f:4e:ca:2e:1f:29:a4:f9:94:40:17: > b2:6b:30:5b:51:20:f9:50:f3:be:1f:f4:ce:35:fb: > 05:93:98:04:37:aa:d8:1f:90:a5:f7:04:43:ed:b3: > 8a:fd:00:fa:f1:36:a8:ef:29:bb:cf:92:95:5f:e0: > 04:f2:2b:64:52:63:ac:f2:77:b7:b1:60:cf:5e:13: > e9:ec:8e:37:ef:c3:de:ca:55:51:1d:f5:61:c2:c8: > b0:e7:c2:3e:4b:1f:c3:16:49 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Subject Key Identifier: > 96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10 > X509v3 Authority Key Identifier: > > keyid:96:E6:89:95:4C:72:BB:46:17:4F:90:B6:2C:C3:AC:61:1D:37:82:10 > DirName:/C=BR/ST=RJ/O=TQTVD/OU=Development/CN=Astro Root CA > Certificate/emailaddress=rcanel...@tqtvd.com > serial:A7:01:33:46:D1:D9:E3:CF > > > > X509v3 Basic Constraints: > CA:TRUE > Signature Algorithm: sha1WithRSAEncryption > 60:95:2e:f7:21:f0:16:bc:67:35:6c:c1:0d:ea:0d:25:38:2a: > c8:70:4e:8b:99:08:27:65:88:3e:ff:9c:eb:4d:26:e2:30:15: > 34:2b:82:58:65:ff:29:d3:ec:9f:12:50:f9:65:c0:79:1c:63: > 72:52:13:c3:b2:68:41:3a:b2:3c:8e:47:11:28:f2:c4:61:98: > 1e:de:97:08:3d:b0:c6:06:db:44:f8:b2:92:6e:68:42:8c:5c: > b3:66:dd:f0:72:32:12:c9:ae:d2:a2:0b:7a:f5:ca:ea:30:cb: > 11:f6:2b:31:d8:ac:eb:49:37:c2:79:07:e2:e9:78:51:6b:23: > a7:33 > " > > > > The hash of the file that was signed by the first certificate in the chain, > i.e., serial "a7:01:33:46:d1:d9:e3:d0" is "11 18 41 32 20 0B 73 D9 B4 6B 35 > B3 CF FA B4 73 96 66 3C 8F". I get this result from my program as well as > from 'sha1sum'. > > > > 'RSA_verify' is called with: > 'type' as "NID_sha1", > 'm' as "11 18 41 32 20 0B 73 D9 B4 6B 35 B3 CF FA B4 73 96 66 3C 8F", > 'm_len' is "20", > 'sigbuf' is > '06:90:74:58:c1:fb:5a:50:fd:fe:97:26:2f:f0:4c:f1:4c:93: > 2e:6a:86:63:ad:57:b7:8c:9c:c5:43:e9:c1:70:c9:11:68:4a: > 18:a4:08:a7:6b:3f:2b:99:31:96:cb:53:21:7a:a3:dc:7d:02: > 0e:c3:da:30:8e:93:3a:5a:19:af:b7:ca:8f:30:2b:e8:17:f6: > 59:ac:3e:47:a7:8b:45:35:f5:8f:1f:ac:b6:ec:db:f2:57:21: > ce:79:67:a5:f4:3d:03:05:cd:65:b6:c0:7e:70:77:a2:7e:be: > 8f:00:40:2a:51:65:a7:c5:11:82:ec:6e:b1:2b:6b:d3:2d:47: > 6e:99' > 'siglen' is "128", > and 'rsa' is created like this (error checking and handling ommited): > " > rsa = RSA_new (); > rsa->n = BN_bin2bn(bufPubKeyMod, pubKeyMod.size (), 0); > rsa->e = BN_bin2bn(bufPubKeyExp, 3, 0); > " > where 'bufPubKeyMod' is > " 00:8b:2d:a8:e6:e8:8f:7c:29:4e:ff:b3:28:b2:3e: > 61:aa:ee:50:6e:2c:9a:5e:11:5d:2a:48:e9:dc:93: > 7f:e5:74:d1:6f:6b:65:fb:0a:43:3a:69:fe:b4:64: > 9a:bf:c3:17:2f:ca:f3:4d:92:be:9c:24:4c:0a:cd: > 13:08:8c:a3:32:9b:b1:b1:a2:06:bb:41:b9:ce:22: > 37:5f:0b:de:a2:0d:f7:49:cb:cd:b1:77:72:e8:ab: > 04:2f:e7:a7:73:2d:95:d4:ae:7e:8a:7c:7c:9b:92: > 86:83:6e:5b:46:b7:a1:bc:0f:d4:22:bf:a3:74:df: > 75:26:6b:21:72:ec:ae:6e:9b" > > > > and 'bufPubKeyExp' is "01:00:01" > > > > What I do not understand (and I think this is the cause of the error) is why > the modulus of the certificate "a7:01:33:46:d1:d9:e3:d0" has 129 bytes, > instead of 128? What does the first '0x00' byte mean? > > > > But, as I am extremely newbie to cryptography, and even more to 'openssl', I > am sure I am making a, well, newbie mistake. > > >
That error usually means you are using the wrong key and/or signature or one or the other has become corrupted. In this case you are using the wrong signature altogether. Unless you have a good reason to manually process a PKCS#7 signature I'd suggest you use the "smime" utility instead or the documented S/MIME API. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
