Multiple OpenSSL RSA signing methods produce different results
Question
Trying to wrap my head around signing and use/test various options.
I can sign using this command:
openssl dgst -sha256 -sign private_key.pem -binary -out sig_file data_file
But the documentation seems to say that I can also use this method
openssl dgst -sha256 -binary data_file > hash_file
openssl rsautl -sign -inkey private_key.pem -keyform PEM -in hash_file > sig_file2
But the signatures are different when I'd expect them to be identical. Either I missed something in the options or something else is wrong in my assumptions.
The real question from this issue: Is there a way to sign using command line options, given that I already have the hash value, and produce a signature that is identical to the first command above?
To add more to this, I can reproduce the first command easily in code and it matches the first command above, meaning that I can sign with the hash value calculated first.
#include <stdio.h>
#include <stdlib.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
/* Step 1: SHA-256 the data; hlen receives the digest length (32). */
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int hlen = 0;
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
EVP_DigestUpdate(mdctx, data, len);
EVP_DigestFinal_ex(mdctx, hash, &hlen);
EVP_MD_CTX_destroy(mdctx);
/* Step 2: RSA_sign() wraps the raw hash in a DigestInfo and applies PKCS#1 v1.5 padding, like dgst -sign. */
FILE *kfile = fopen(key_file, "r");
RSA *key = PEM_read_RSAPrivateKey(kfile, NULL, NULL, NULL);
fclose(kfile);
*sig = malloc(RSA_size(key));
RSA_sign(NID_sha256, hash, hlen, *sig, siglen, key);
RSA_free(key);
Answer
Dupe: Difference between openSSL rsautl and dgst
Closely related:
Why are the RSA-SHA256 signatures I generate with OpenSSL and Java different?
Different signatures when using C routines and openssl dgst, rsautl commands
Signing 20-byte message with 256-bit RSA key working with openssl.exe but not in code
Crossdupe: https://superuser.com/questions/943972/what-is-the-difference-between-openssl-pkeyutl-sign-and-openssl-rsautl-sign
TLDR: dgst -sign for RSA does the full RSASSA-PKCS1-v1_5: hash the data, encode the hash in ASN.1, pad the result, and modexp d. rsautl -sign does only the last two and dgst by itself only the first, thus skipping the encode producing a different and nonstandard signature. dgst (or your own hash) then pkeyutl -sign with an RSA key and -pkeyopt digest:name_of_digest (important!) also works and answers your real question.
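A worked model of the paths the answer describes, added here as an illustration (it is not code from the question, the answer, or OpenSSL): pure-Python RSASSA-PKCS1-v1_5 over a constructed throwaway key, showing that padding the bare SHA-256 hash rsautl-style and padding the DigestInfo-prefixed hash dgst-style yield different signatures, and what a verifier recovers from each. The key built from two Mersenne primes is an assumption made only so the example needs no key-generation code; it is a demo key, not a usable one.

```python
import hashlib

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1): the ASN.1
# wrapper that dgst -sign adds and that rsautl -sign on a bare hash omits.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed throwaway key from two Mersenne primes (2^607-1 and 2^521-1) so
# no key generation code is needed; it is NOT a safe key, only a reproducible one.
_P, _Q, _E = (1 << 607) - 1, (1 << 521) - 1, 65537
DEMO_KEY = (_P * _Q, _E, pow(_E, -1, (_P - 1) * (_Q - 1)))  # (n, e, d)

def _k(n):  # modulus length in bytes, what RSA_size() returns
    return (n.bit_length() + 7) // 8

def pkcs1_type1_pad(payload, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || payload, exactly k bytes."""
    if k - 3 - len(payload) < 8:
        raise ValueError("modulus too small for payload")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload

def raw_sign(block, key):
    """The modexp-d step that every path finishes with."""
    n, _, d = key
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(_k(n), "big")

def sign_like_dgst(data, key):
    """dgst -sha256 -sign (likewise RSA_sign(), or pkeyutl -sign with
    -pkeyopt digest:sha256 on the hash): hash, prepend DigestInfo, pad, modexp."""
    digest_info = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    return raw_sign(pkcs1_type1_pad(digest_info, _k(key[0])), key)

def sign_like_rsautl(hash_bytes, key):
    """rsautl -sign fed the bare hash: pad and modexp only, no DigestInfo."""
    return raw_sign(pkcs1_type1_pad(hash_bytes, _k(key[0])), key)

def recover_block(sig, key):
    """Verifier side: modexp e gives back the padded block for inspection."""
    n, e, _ = key
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(_k(n), "big")

def compare(data=b"constructed sample data\n"):
    """Signatures from the asker's two commands and whether they match."""
    h = hashlib.sha256(data).digest()
    a, b = sign_like_dgst(data, DEMO_KEY), sign_like_rsautl(h, DEMO_KEY)
    return a, b, a == b

if __name__ == "__main__":
    sig_a, sig_b, same = compare()
    print("identical:", same)  # False: the rsautl path skipped DigestInfo
    print("dgst payload:", recover_block(sig_a, DEMO_KEY).split(b"\x00", 2)[2].hex())
```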