Hodie pr. Non. Aug. MMXI, Giordano Bruno scripsit: > Hi people, I have a problem in in certifications in low level issue, > but I think it is the best place to solve, > > I need to generate a PKCS#10 with a very limited device, a MSP430F5438 > from Texas Instruments plus a co-processor that implement the RSA and > SHA-1 algorithms. > > The coprocessor generate the key pair, as shown below. I used the > private key generate to sign the part in the of the CSR message. I > used RSA 1024 with SHA-1 algorithms to do this. As result we got the > file example.der. I used the site > <http://www.motobit.com/util/base64-decoder-encoder.asp> to transform > the DER file in the example.pem. To validate this information, I use > the site <http://www.redkestrel.co.uk/cgi/decodeCSR.cgi>, achieving as > result the warning "The CSR has an invalid signature".
The signature is really invalid. I took your DER file, extracted the signature block on one side, extracted the public key on the other side, and performed the raw RSA verification operation: openssl rsautl -in example.der.sig -inkey example.key -pubin -verify -hexdump -raw 0000 - 32 dc d5 61 c5 88 4a 00-b3 a9 9b c2 61 ce d6 01 2..a..J.....a... 0010 - f6 b4 83 9b 60 0f 7d 99-15 34 e6 47 98 2b 06 5a ....`.}..4.G.+.Z 0020 - cc 07 39 c6 f7 87 f4 75-6e 1a 16 5b 32 70 5a a3 ..9....un..[2pZ. 0030 - 5e 42 c0 71 02 4c a3 1d-48 31 7c 7c 12 bb 3f e6 ^B.q.L..H1||..?. 0040 - c4 4d e7 dc 43 80 0e b8-fe cb ba 15 b6 1e 8c 3d .M..C..........= 0050 - 1b 98 31 04 23 51 9d 26-d7 ac fc a5 6d 47 6a 4f ..1.#Q.&....mGjO 0060 - 9d bb 12 e3 e0 44 c7 4d-23 4c c0 49 a6 40 fe 38 .....D.M#L.I.@.8 0070 - e7 ab 48 f6 a3 f3 a5 a6-1a 11 bb 1b 94 d9 e0 bc ..H............. This isn't a valid signature (02, padding, DER sequence with hash OID and value). Are you sure of your public key? -- Erwann ABALEA <erwann.aba...@keynectis.com> Département R&D KEYNECTIS 11-13 rue René Jacques - 92131 Issy les Moulineaux Cedex - France Tél.: +33 1 55 64 22 07 http://www.keynectis.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
