Bonjour, The ASN.1 structure (it's a DigestInfo) is part of the PKCS#1 v1.5 padding for signature operations. PKCS#1v1.5 is rewritten in RFC2313.
Using the command line tool, you can reproduce this: echo -n "Mary had a little lamb." > datatosign either one of the following can be used to sign data: openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1 -binary datatosign) -sign -pkeyopt digest:sha1 > signing and you can display the signature either way (this will not "verify", it will only perform the RSA verify operation with PKCS#1v1.5 padding, without checking the validity or even if what has been signed is a DigestInfo structure, and output the result of the RSA operation): openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse openssl pkeyutl -verifyrecover -inkey tests/keys/rsa_key1.pub -pubin -in signing -asn1parse or you can actually verify the thing without displaying the result of the RSA verify crypto operation: openssl pkeyutl -verify -inkey tests/keys/rsa_key1.pub -pubin -in <(openssl dgst -sha1 -binary datatosign) -sigfile signing -pkeyopt digest:sha1 openssl dgst -verify tests/keys/rsa_key1.pub -signature signing -sha1 datatosign On Wed, May 4, 2022 at 7:16 AM Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > Hi, > > I did the following in trying to build some validation steps to use > against my own rewrite of the crypto functions in Asterisk (to use > EVP-PKEY). > > % echo -n "Mary had a little lamb." | openssl sha1 -binary > digest > > % od -t x1 digest > 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04 > 0000020 bd ef 57 00 > 0000024 > > % openssl rsautl -sign -inkey tests/keys/rsa_key1.key -pkcs -in digest > > signing > > % openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in > signing > digest2 > > % od -t x1 digest > 0000000 4e 07 b8 c7 aa f2 a4 ed 4c e3 9e 76 f6 5d 2a 04 > 0000020 bd ef 57 00 > 0000024 > > And all of that looks good. > > But when I take the result of calling: > > const char msg[] = "Mary had a little lamb."; > unsigned msglen = sizeof(msg) - 1; > char digest[20]; > > /* Calculate digest of message */ > SHA1((unsigned char *)msg, msglen, digest); > > res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, > key->rsa); > > And write that (dsig, siglen) to a file (signing2) and then try to verify > that, I get very different results: > > openssl rsautl -verify -inkey tests/keys/rsa_key1.pub -pubin -pkcs -in > signing2 -asn1parse > 0:d=0 hl=2 l= 33 cons: SEQUENCE > 2:d=1 hl=2 l= 9 cons: SEQUENCE > 4:d=2 hl=2 l= 5 prim: OBJECT :sha1 > 11:d=2 hl=2 l= 0 prim: NULL > 13:d=1 hl=2 l= 20 prim: OCTET STRING > 0000 - 4e 07 b8 c7 aa f2 a4 ed-4c e3 9e 76 f6 5d 2a 04 > N.......L..v.]*. > 0010 - bd ef 57 00 ..W. > > Why is RSA_sign() wrapping the signature in ASN.1? > > Or, put a different way, how do I reproduce what RSA_sign() is doing from > the command line? > > Is there another command that does RSA signing besides rsautl? > > Thanks, > > -Philip > > > -- Cordialement, Erwann Abalea.