如何使用 OpenSSL 计算 RSA-SHA1(sha1WithRSAEncryption) 值 [英] How to compute RSA-SHA1(sha1WithRSAEncryption) value with OpenSSL

问题描述

我对 RSA-SHA1 感到困惑，我认为它是 RSA_private_encrypt(SHA1(message)).但我无法获得正确的签名值.有什么问题吗?

I'm confused about RSA-SHA1, I thought it's RSA_private_encrypt(SHA1(message)). But I can't get the correct signature value. Is there anything wrong?

推荐答案

是的，PKCS#1 加密和 PKCS#1 签名是 不同.在加密情况下(您尝试过的情况)，输入消息在取幂之前只是被填充.

Yes, PKCS#1 encryption and PKCS#1 signatures are different. In the encryption case (the one you tried), the input message is simply padded before it is exponentiated.

另一方面，PKCS#1 签名将首先计算表单的 ASN.1 DER 结构

PKCS#1 signagtures on the other hand will first calculate an ASN.1 DER structure of the form

DigestInfo ::= SEQUENCE {
    digestAlgorithm AlgorithmIdentifier,
    digest OCTET STRING
}

然后再次填充以形成编码消息EM

This is then padded again to form the encoded message EM

EM = 0x00 || 0x01 || PS || 0x00 || T

其中 PS 是足够长的 0xff 填充字符串.如果您复制此 EM 并使用 RSA_private_encrypt，那么您将获得正确的 PKCS#1 v1.5 签名编码，与使用 RSA_sign 获得的相同或什至更好，使用通用的 EVP_PKEY_sign.

where PS is a padding string of 0xff of sufficient length. If you reproduce this EM and use RSA_private_encrypt, then you will get the correct PKCS#1 v1.5 signature encoding, the same you would get with RSA_sign or even better, using the generic EVP_PKEY_sign.

这里有一个 Ruby 的小演示:

Here's a little demonstration in Ruby:

require 'openssl'
require 'pp'

data = "test"
digest = OpenSSL::Digest::SHA256.new
hash = digest.digest("test")
key = OpenSSL::PKey::RSA.generate 512

signed = key.sign(digest, data)
dec_signed = key.public_decrypt(signed)

p hash
pp OpenSSL::ASN1.decode dec_signed

SHA-256 哈希打印如下:

The SHA-256 hash prints out as follows:

"x9Fx86xD0x81x88L}ex9A/..."

dec_signed 是 RSA_sign 用公钥再次解密的结果 - 这给了我们移除填充的 RSA 函数的准确输入，并且随着它的转动出来，这正是上面提到的DigestInfo结构:

dec_signed is the result of RSA_sign decrypted again with the public key - this gives us back exactly the input to the RSA function with the padding removed, and as it turns out, this is exactly the DigestInfo structure mentioned above:

 #<OpenSSL::ASN1::Sequence:0x007f60dc36b250
 @infinite_length=false,
 @tag=16,
 @tag_class=:UNIVERSAL,
 @tagging=nil,
 @value=
  [#<OpenSSL::ASN1::Sequence:0x007f60dc36b318
    @infinite_length=false,
    @tag=16,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value=
     [#<OpenSSL::ASN1::ObjectId:0x007f60dc36b390
       @infinite_length=false,
       @tag=6,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value="SHA256">,
      #<OpenSSL::ASN1::Null:0x007f60dc36b340
       @infinite_length=false,
       @tag=5,
       @tag_class=:UNIVERSAL,
       @tagging=nil,
       @value=nil>]>,
   #<OpenSSL::ASN1::OctetString:0x007f60dc36b2a0
    @infinite_length=false,
    @tag=4,
    @tag_class=:UNIVERSAL,
    @tagging=nil,
    @value="x9Fx86xD0x81x88L}ex9A/...">]>

如您所见，DigestInfo 的 digest 字段的值与我们自己计算的 SHA-256 哈希值相同.

As you can see, the value of the digest field of DigestInfo is the same as the SHA-256 hash that we computed ourselves.

这篇关于如何使用 OpenSSL 计算 RSA-SHA1(sha1WithRSAEncryption) 值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！