Hi Erwann, Thank you for reply, I didn't understand what you mean with this sequence (02, padding, DER sequence with hash OID and value). Can you explain? The hash of our der file (without the first header, the signature header and the signature) should be the expected result of your command (openssl rsautl -in example.der.sig -inkey example.key -pubin -verify -hexdump -raw)?
2011/8/4 Erwann ABALEA <erwann.aba...@keynectis.com>: > Hodie pr. Non. Aug. MMXI, Giordano Bruno scripsit: >> Hi people, I have a problem in in certifications in low level issue, >> but I think it is the best place to solve, >> >> I need to generate a PKCS#10 with a very limited device, a MSP430F5438 >> from Texas Instruments plus a co-processor that implement the RSA and >> SHA-1 algorithms. >> >> The coprocessor generate the key pair, as shown below. I used the >> private key generate to sign the part in the of the CSR message. I >> used RSA 1024 with SHA-1 algorithms to do this. As result we got the >> file example.der. I used the site >> <http://www.motobit.com/util/base64-decoder-encoder.asp> to transform >> the DER file in the example.pem. To validate this information, I use >> the site <http://www.redkestrel.co.uk/cgi/decodeCSR.cgi>, achieving as >> result the warning "The CSR has an invalid signature". > > The signature is really invalid. > I took your DER file, extracted the signature block on one side, > extracted the public key on the other side, and performed the raw RSA > verification operation: > > openssl rsautl -in example.der.sig -inkey example.key -pubin -verify -hexdump > -raw > 0000 - 32 dc d5 61 c5 88 4a 00-b3 a9 9b c2 61 ce d6 01 2..a..J.....a... > 0010 - f6 b4 83 9b 60 0f 7d 99-15 34 e6 47 98 2b 06 5a ....`.}..4.G.+.Z > 0020 - cc 07 39 c6 f7 87 f4 75-6e 1a 16 5b 32 70 5a a3 ..9....un..[2pZ. > 0030 - 5e 42 c0 71 02 4c a3 1d-48 31 7c 7c 12 bb 3f e6 ^B.q.L..H1||..?. > 0040 - c4 4d e7 dc 43 80 0e b8-fe cb ba 15 b6 1e 8c 3d .M..C..........= > 0050 - 1b 98 31 04 23 51 9d 26-d7 ac fc a5 6d 47 6a 4f ..1.#Q.&....mGjO > 0060 - 9d bb 12 e3 e0 44 c7 4d-23 4c c0 49 a6 40 fe 38 .....D.M#L.I.@.8 > 0070 - e7 ab 48 f6 a3 f3 a5 a6-1a 11 bb 1b 94 d9 e0 bc ..H............. > > This isn't a valid signature (02, padding, DER sequence with hash OID > and value). > > Are you sure of your public key? > > -- > Erwann ABALEA <erwann.aba...@keynectis.com> > Département R&D > KEYNECTIS > 11-13 rue René Jacques - 92131 Issy les Moulineaux Cedex - France > Tél.: +33 1 55 64 22 07 > http://www.keynectis.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
