在证书签名请求中手动创建的签名与openssl req生成的签名不匹配 [英] Manually created signature in certificate signing request is not matching with the openssl req generated signature
问题描述
- 使用以下命令创建证书签名请求:
$ openssl genrsa -out test.key 2048$ openssl req -new -key test.key -subj"/CN = foo";出foo.csr -
借助提供的步骤 @marc ,我已经从其中提取了4个文件:
- info.der(
openssl asn1parse -in foo.csr -strparse 4 -out info.der) - pub.pem(
openssl req -pubkey -in foo.csr -noout -out pub.pem) - hash.manual(保存的命令
"sha256 info.der"的十六进制输出) - sig.raw(
openssl asn1parse -in foo.csr -strparse 338 -out sig.raw)
- info.der(
-
我的理解/怀疑是签名",foo.csr中提到的只是加密的输出""hash.manual"的带有私钥"test.key".为了验证我的理解
$ openssl rsautl -encrypt -in hash_manual -inkey test.key -out manual_signature -
现在,当我在这两个文件上执行diff时,它们不匹配,并且hexdump -C确认sig.raw与(openssl req -in csr --text)中提到的签名输出匹配.
-
请帮助说明为什么manual_signature&sig.raw不匹配.
您有两个问题:
- 您需要使用
sign而不是encrypt.对于RSA,encrypt是使用公钥加密,而sign是使用私钥加密 -
rsautl的输出格式错误
第一个很容易修复,只需使用 -sign .
第二个有点烦人,不仅是 sha256 输出被签名,而且是一个如下所示的ASN.1结构:
0:d = 0 hl = 2 l = 49缺点:序列2:d = 1 hl = 2 l = 13缺点:序列4:d = 2 hl = 2 l = 9原始:对象:sha25615:d = 2 hl = 2 l = 0 prim:空17:d = 1 hl = 2 l = 32 prim:OCTET STRING0000-dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q .........0010-4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7 ..... I.C ... 最后一个 OCTET STRING 字段是原始的 sha256 哈希.
最简单的方法是使用 openssl dgst 组合哈希和签名:
#哈希并签署certificateRequestInfo$ openssl dgst -sha256 -sign test.key info.der>manual_signature#与提取的sig.raw比较(无输出表示无差异)$ diff manual_signature sig.raw#使用公钥验证提取的sig.raw和manual_signature$ openssl rsautl -verify -pubin -inkey pub.pem -in sig.raw -asn1parse0:d = 0 hl = 2 l = 49缺点:序列2:d = 1 hl = 2 l = 13缺点:序列4:d = 2 hl = 2 l = 9原始:对象:sha25615:d = 2 hl = 2 l = 0 prim:空17:d = 1 hl = 2 l = 32 prim:OCTET STRING0000-dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q .........0010-4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7 ..... I.C ...$ openssl rsautl -verify -pubin -inkey pub.pem -in manual_signature -asn1parse0:d = 0 hl = 2 l = 49缺点:序列2:d = 1 hl = 2 l = 13缺点:序列4:d = 2 hl = 2 l = 9原始:对象:sha25615:d = 2 hl = 2 l = 0 prim:空17:d = 1 hl = 2 l = 32 prim:OCTET STRING0000-dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q .........0010-4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7 ..... I.C ... - Created certificate signing request using following commands :
$ openssl genrsa -out test.key 2048
$ openssl req -new -key test.key -subj "/CN=foo" -out foo.csr
with the help of steps provided @marc i have extracted 4 files from it :
- info.der (
openssl asn1parse -in foo.csr -strparse 4 -out info.der) - pub.pem (
openssl req -pubkey -in foo.csr -noout -out pub.pem) - hash.manual ( saved hex output of command
"sha256 info.der") - sig.raw (
openssl asn1parse -in foo.csr -strparse 338 -out sig.raw)
- info.der (
My understanding / doubt is , "Signature" mentioned in foo.csr is nothing but "encrypted ouptut" of the "hash.manual" with private key "test.key". so to validate my understanding i used
$ openssl rsautl -encrypt -in hash_manual -inkey test.key -out manual_signature
Now when i perform diff on these two files they are not matching and hexdump -C confirms the sig.raw is matching the signature output mentioned in (openssl req -in csr --text).
Please help in clarifying why manual_signature & sig.raw are not matching.
You have two problems:
- you need to use
signrather thanencrypt. For RSA,encryptis encryption with the public key butsignis encryption with the private key - the output of
rsautlis in the wrong format
The first is easy to fix, just use -sign.
The second is a bit more annoying, it is not just the sha256 output being signed, it's an ASN.1 structure that looks like this:
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q.........>.
0010 - 4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7.....I.C...
Where the final OCTET STRING field is the raw sha256 hash.
The easiest way to generate this is to use openssl dgst to combine hashing and signature:
# Hash and sign the certificationRequestInfo
$ openssl dgst -sha256 -sign test.key info.der > manual_signature
# Compare to extracted sig.raw (no output means no diff)
$ diff manual_signature sig.raw
# Verify both the extracted sig.raw and the manual_signature using the public key
$ openssl rsautl -verify -pubin -inkey pub.pem -in sig.raw -asn1parse
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q.........>.
0010 - 4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7.....I.C...
$ openssl rsautl -verify -pubin -inkey pub.pem -in manual_signature -asn1parse
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - dc 31 c9 99 51 ce 03 a2-aa 14 13 f1 c4 f6 3e ea .1..Q.........>.
0010 - 4f 87 a2 56 37 de 7f a7-c1 87 49 f0 43 c9 ba bb O..V7.....I.C...
这篇关于在证书签名请求中手动创建的签名与openssl req生成的签名不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
