ID:               41033
User updated by:  gordyf at google dot com
Reported By:      gordyf at google dot com
Status:           Assigned
Bug Type:         Feature/Change Request
Operating System: any
PHP Version:      5.2.1
Assigned To:      pajoye
New Comment:

I notice there hasn't been any activity on this for a week -- is there any additional information that I can provide?

Previous Comments:
------------------------------------------------------------------------

[2007-04-10 00:47:11] gordyf at google dot com

It seems I shouldn't have used link tags, here they are without trailing quotes.

Man page: http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html
Patch: http://trigse.cx/php-openssl-patch.diff

------------------------------------------------------------------------

[2007-04-10 00:43:02] gordyf at google dot com

Description:
------------
This patch enables signing and verifying signatures with DSA keys. This currently does not work because EVP_sha1() is called when signing with SHA1 hash, and EVP_dss1() must be called for DSA-SHA1 signing. It adds the OPENSSL_ALGO_DSS1 constant which must be used with the last parameter of openssl_sign and openssl_verify when using a DSA key.

From the <a href="http://www.die.net/doc/linux/man/man3/evp_digestinit.3.html">man page</a>:

"The link between digests and signing algorithms results in a situation where EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS even though they are identical digests."

Patch available <a href="http://trigse.cx/php-openssl-patch.diff">here</a>.

Reproduce code:
---------------
// Sign with the DSA private key, using the constant the patch adds.
$key = file_get_contents("keys/dsa.privkey.pem");
$prkeyid = openssl_get_privatekey($key);
$ct = "Hello I am some text!";
openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_DSS1);
echo "Signature: ".base64_encode($signature)."<br>";

// Verify the signature with the matching DSA public key.
$key = file_get_contents("keys/dsa.pubkey.pem");
$pukeyid = openssl_get_publickey($key);
$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_DSS1);
echo "Signature validity: ".$valid;

Expected result:
----------------
(After patch)
Signature: MCwCFGKwtl03QDikxpqoGMrr4+EPoZfZAhQYIl/Bhzur/CW50b3ZFf5dYig3PA==
Signature validity: 1

Actual result:
--------------
(Before patch)
Signature:
Signature validity: -1

------------------------------------------------------------------------
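
The "Signature validity: -1" in the report above is openssl_verify()'s error return, not a "bad signature" result, and it is truthy in PHP. The following is an added example, not code from the bug report or the patch: it signs with a throwaway DSA key and only accepts a return value of exactly 1. The helper name verify_strict, the 2048-bit key size and the SHA1 fallback are assumptions made for the example.

```php
<?php
// Added example, not from the bug report. Key and messages are constructed.

// Use the constant from the report when this build defines it; otherwise fall
// back to SHA1 (assumption: OpenSSL 1.0.0 and later accept EVP_sha1() with
// DSA keys, so the separate DSS1 digest is not needed there).
$algo = defined('OPENSSL_ALGO_DSS1') ? OPENSSL_ALGO_DSS1 : OPENSSL_ALGO_SHA1;

// Hypothetical helper: true only for a valid signature, false for an invalid
// one, and an exception when OpenSSL reports an error (-1 or false).
function verify_strict(string $data, string $sig, $pubkey, int $algo): bool
{
    $rc = openssl_verify($data, $sig, $pubkey, $algo);
    if ($rc === 1) {
        return true;
    }
    if ($rc === 0) {
        return false;
    }
    throw new RuntimeException('openssl_verify error: ' . openssl_error_string());
}

// Throwaway DSA key pair generated in memory instead of the report's PEM files.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_DSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
$pub = openssl_pkey_get_details($key)['key'];   // public key as PEM

$ct = "Hello I am some text!";
if (!openssl_sign($ct, $signature, $key, $algo)) {
    // Before the patch this is the failing step: $signature stays empty.
    throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
}

var_dump(verify_strict($ct, $signature, $pub, $algo));        // untouched message
var_dump(verify_strict($ct . "x", $signature, $pub, $algo));  // tampered message

// A loose check such as `if (openssl_verify(...))` treats the error value
// as success, which is what the strict comparison above avoids.
var_dump((bool) -1);
```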