Crypto RSAWithSHA1 sign


Crypto RSAWithSHA1 sign

Denis Kudriashov
Hello

Is anybody using Cryptography for RSA with SHA1 digital signatures?

I am trying to get the same result as I have in a Java program.
I have the RSA private key as a Smalltalk object. It has the same values as the Java private key object.

But the code

privateKey v15SignMessage: message asByteArray  .

returns the wrong result. It differs from the working Java test.



Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Hi Denis,
 
I originally wrote the v15 signature methods in April of 2007.  I am currently trying to download the PKCS#11 V2.30 doc to verify, but IIRC there is more than one signature algorithm defined for RSA.  I don't recall why I chose v15.  Perhaps Java is using another RSA signature function.
 
There are no explicit tests for this signature.  There is a test inside of the CryptoX509Test  (#verifySHA1WithRSAEncryptionFromParentCertificate: ), but it isn't used as the certificate that exposed it has expired and so is failing.  I removed that certificate test.
 
Let's talk bytes...the way this works in Squeak is that the RSA pads the SHA1 hashed message and encrypts it.
 
v15SignMessage: aMessage
 
 ^ self v15SignMessageHash: (SHA1 hashMessage: aMessage).
and
 
v15SignMessageHash: encodedMsg
 
 | padded toBeSigned |
 padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
 toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
 ^ (self crypt: toBeSigned asInteger) asByteArray.
Presumably the #crypt: function will be the same in Java and Squeak given the same key.  So if there are 2 different signature functions in RSA, I would suspect that the padding would be different.
 
Still trying to download the spec....
 
What do you think?
 
Cheers,
Rob

Sent: Tuesday, September 21, 2010 11:21 AM
Subject: [squeak-dev] Crypto RSAWithSHA1 sign


Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Denis,
 
I do not know why I was looking at PKCS#11.  The RSA spec is PKCS#1.  In that document (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) on page 25 it says:
 
"Two signature schemes with appendix are specified in this document: RSASSA-PSS and RSASSA-PKCS1-v1_5."
 
I implemented v1_5.  It may be that Java is using PSS.  I may have implemented v1.5 wrong.  The signature creation and verification algorithms start on page 30.  The encoding is on 35.
 
Rob

Sent: Tuesday, September 21, 2010 12:06 PM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign


Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Denis,
 
It looks like I missed step 2 on page 38.  I am not prepending the AlgorithmIdentifier and producing the DER encoding of the DigestInfo prior to padding and encrypting.  I implemented it in the attached changeset.  Please load this and test for me.
 
Note that it requires either all of Cryptography from the Cryptography repository loaded, or all of CryptoBase and CryptoCerts from the inbox.  The digest requires ASN1 encoding framework which is in the certificate package.
 
Rob
 
 

Sent: Tuesday, September 21, 2010 12:31 PM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

RSASHA1SignatureFix.1.cs (2K) Download Attachment

Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
Hello, Rob.

I found the solution. VW helped me very much.

Your changes are almost right.

The method SHA1 class>>digestInfoAsn1DerEncodingFromMessage: is good and placed right. But the method RSAPrivateKey>>v15SignMessageHash: is wrong:

RSAPrivateKey>>v15SignMessageHash: encodedMsg

    | padded toBeSigned |
    padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
    toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
    ^ (self crypt: toBeSigned asInteger) asByteArray.

I examined what happens in the VW code (it works well, like Java). And now I have this version:

v15SignMessageHash: encodedMsg

    | int emLen |
   
    emLen := (p * q) digitLength -1.
       
    int := LargePositiveInteger basicNew: emLen.
    " Our LargeIntegers are little endian, so we have to reverse the bytes"
    encodedMsg with: (encodedMsg size to: 1 by: -1) do: [:each :index |
        int basicAt: index put: each].
    int basicAt: encodedMsg size + 1 put: 0.

    encodedMsg size + 2 to: emLen - 1 do: [ :ind | int basicAt: ind put: 255].
    int basicAt: emLen put: 1.
   
    ^ (self crypt: int) asByteArray.


This gives me the same results as Java and VW.

I attach this method and an acceptance test for it.



2010/9/21 Rob Withers <[hidden email]>
RSAPrivateKey-v15SignMessageHash.st (910 bytes) Download Attachment
CryptoRSATest-testRSASHASigning.st (2K) Download Attachment
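
The encoding this thread converges on (DigestInfo prepended to the SHA-1 hash, block length taken from the modulus), shown as an added Python example; it is not code from the posts or from the Squeak Cryptography package. The key is a constructed demo key built from two Mersenne primes and all function names are illustrative. It also runs the two earlier variants (bare hash, hard-coded 256-byte block) through a strict verifier.

```python
import hashlib
import hmac

# DER header of DigestInfo for SHA-1 (AlgorithmIdentifier + OCTET STRING
# tag/length), as listed in the notes to EMSA-PKCS1-v1_5 in PKCS #1 v2.1.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed demo key (assumption, NOT the key from the thread): two Mersenne
# primes give a 1128-bit modulus without a prime generator. Demo use only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+


def modulus_len(n):
    """Length k of the modulus in bytes (128 for the thread's 1024-bit key).
    The padded block is exactly k bytes; '(p * q) digitLength - 1' in the
    thread is the same block with the leading 00 byte left implicit."""
    return (n.bit_length() + 7) // 8


def encode_block(message, em_len, digest_info=True):
    """Build 00 01 FF..FF 00 || T. T is DigestInfo(SHA-1) or, with
    digest_info=False, the bare hash as in the thread's first version."""
    digest = hashlib.sha1(message).digest()
    t = (SHA1_DIGESTINFO_PREFIX + digest) if digest_info else digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def raw_private_op(block, n, d):
    """Bare private-key exponentiation with no range check, so an oversized
    block is silently reduced mod n instead of being rejected."""
    k = modulus_len(n)
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(k, "big")


def sign(message, n, d):
    """RSASSA-PKCS1-v1_5 with SHA-1; block length derived from the key."""
    k = modulus_len(n)
    m = int.from_bytes(encode_block(message, k), "big")
    if m >= n:
        raise ValueError("message representative out of range")
    return pow(m, d, n).to_bytes(k, "big")


def verify(message, signature, n, e):
    """Recompute the expected block and compare all k bytes, rather than
    parsing the recovered padding leniently."""
    k = modulus_len(n)
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, encode_block(message, k))


def thread_variants(message, n=N, d=D, e=E):
    """Check the three encodings discussed in the thread against one key."""
    k = modulus_len(n)
    bare_hash = raw_private_op(encode_block(message, k, digest_info=False), n, d)
    fixed_256 = raw_private_op(encode_block(message, 256), n, d)
    return {
        "digestinfo_and_key_length": verify(message, sign(message, n, d), n, e),
        "bare_hash": verify(message, bare_hash, n, e),
        "hardcoded_256": verify(message, fixed_256, n, e),
    }


if __name__ == "__main__":
    for name, ok in thread_variants(b"constructed sample message").items():
        print(f"{name:28s} verifies: {ok}")
```

Only the first variant verifies. The hard-coded 256-byte block is larger than the modulus as an integer, so the private-key operation works on a different value than the one a standard verifier reconstructs.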

Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Thanks for this, Denis.   I will add it to the CryptoCore package tonight, after work.
 
I investigated the int you are producing versus the int I was producing, as I thought #asInteger was dealing with little-endian already.   Sure enough, the message bytes were in the correct locations.  The problem was the length of the byteArray I was converting to a LargePositiveInteger.  I had 256 while you have 128 (255 and 127 since the MSBit is 0).  I looked at the spec again and section 4.2 on page 9 discusses converting byteArray to int using 256 size.  I am confused by this.
 
I attached another version of RSAPrivateKey>>v15SignMessageHash: encodedMsg that works, by changing the byteArray size.
 
RSAPrivateKey>>v15SignMessageHash: encodedMsg
 
    | padded toBeSigned |
    padded := ByteArray new: (128 - encodedMsg size - 3) withAll: 255.
    toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.

    ^ (self crypt: toBeSigned asInteger) asByteArray.
I will use your version since it looks like it handles other array sizes (p*q) digitLength - 1 and it also does not create many arrays, just inserts into the right locations of a LargePositiveInteger.
 
Thanks for the test case!
 
Cheers,
Rob

Sent: Wednesday, September 22, 2010 9:51 AM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign


Re: Crypto RSAWithSHA1 sign

Rob Withers-2
In reply to this post by Denis Kudriashov
Denis,
 
One other thing.  Do you have the publicKey for that privateKey you used in the test case?  We should really be checking the verification step as well.
 
Thanks,
Rob


Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
Yes, I have the public key and started testing verification, but I ran into a problem and stopped for today.
I can't read the public key instance from DER bytes (I have a PEM-formatted public key file) the same way as I read the private key instance (by "aRSAPrivateKeyFileReader asPublicKey").

I think I will send you my results tomorrow.

2010/9/22 Rob Withers <[hidden email]>

Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
Hello, Rob

I attach the public key in PEM format (it corresponds to the private key in my test).

I tried to read it by:

key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.

derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream ) contents.

r := RSAPrivateKeyFileReader new.
r decryptedBytes: derKey .
publicKey := r asPublicKey .

and the last line raises an error.

What do you think about this?

2010/9/22 Denis Kudriashov <[hidden email]>
pubkey.pem (372 bytes) Download Attachment

Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
I found that when I join the private and public keys, my code works and I get an RSAKey instance.

I join it by:

key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw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MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.


Why can't I read the public key separately?

Best regards,
Denis


Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
And verification works well.

I attach new tests

CryptoRSATest.st (4K) Download Attachment
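
The signing fix and the verification step discussed in this thread, as an added Python example (not the Cryptography package's code): it builds the PKCS#1 v1.5 block with the SHA-1 DigestInfo, mirrors the little-endian fill of the corrected Smalltalk method, and shows a verifier rejecting the first version's bare-hash block. The key is a constructed toy key and all function names are assumptions of this example.

```python
import hashlib

# DER header of DigestInfo for SHA-1 (AlgorithmIdentifier + OCTET STRING tag/length),
# the "step 2" prefix from PKCS #1 that the first version left out.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy key for the demo only (assumption, NOT from the thread and
# NOT secure: both primes are well-known Mersenne primes).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141 here)


def digest_info_sha1(message):
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def emsa_pkcs1_v15_sha1(message, em_len):
    """EM = 00 01 FF..FF 00 DigestInfo, exactly em_len bytes long."""
    t = digest_info_sha1(message)
    if em_len < len(t) + 11:           # at least 8 bytes of FF padding
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def first_version_block(message, block_len=256):
    """Layout of the first v15SignMessageHash: in the thread:
    bare SHA-1 hash, no DigestInfo, block length fixed at 256 bytes."""
    h = hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (block_len - len(h) - 3) + b"\x00" + h


def little_endian_fill(t, k):
    """Python mirror of the corrected Smalltalk method: fill a (k - 1)-byte
    little-endian integer with reversed payload, 00, FF.., 01."""
    em_len = k - 1
    buf = bytearray(em_len)
    buf[:len(t)] = t[::-1]
    buf[len(t)] = 0x00
    for i in range(len(t) + 1, em_len - 1):
        buf[i] = 0xFF
    buf[em_len - 1] = 0x01
    return int.from_bytes(buf, "little")


def rsa_private(block):
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("message representative out of range for this key")
    return pow(m, D, N).to_bytes(K, "big")


def sign(message):
    return rsa_private(emsa_pkcs1_v15_sha1(message, K))


def verify(message, signature):
    """Recover the block with the public key and compare it byte for byte
    with a freshly built encoding, rather than parsing the padding."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15_sha1(message, K)


if __name__ == "__main__":
    msg = b"constructed sample message"
    print("good signature verifies:", verify(msg, sign(msg)))
    bare = rsa_private(first_version_block(msg, K))
    print("bare-hash signature verifies:", verify(msg, bare))
```

The fixed 256-byte block is larger than any modulus shorter than 2048 bits, which is why `rsa_private` refuses it for this key.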

Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Denis,
 
I found that when you join the "privateKey" bytes with the publicKey bytes it does nothing.  The "privateKey" bytes alone carry the public key with the private key.  The DER bytes result in a 9 element OrderedCollection and fields 2 and 3 are the exponent and modulus for the public key.
 
So I run the following to get both keys:
 

key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw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'.
 

derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream )
contents.
 
r := RSAPrivateKeyFileReader new.
r decryptedBytes: derKey.
publicKey := r asPublicKey.
privateKey := r asPrivateKey.
{publicKey. privateKey}
 
 
Now I look at the publicKey you gave me and the 2 elements of an OrderedCollection.  The second element is a BitString and if you reach in and grab the bytes, they are also DER encoded.  So decode those and you get the exponent and modulus of the publicKey.  I wrote a class attached to process an RSA Public Key.  I used the code below to process it:
 
key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.
 
derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream )
contents.
 
r := RSAPublicKeyFileReader new.
r bytes: derKey .
publicKey := r asPublicKey .
 
Thanks for the test!
 
Cheers,
Rob

RSAPublicKeyFileReader.st (2K) Download Attachment
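
The two key layouts described in the message above, as an added Python example (not the attached RSAPublicKeyFileReader): a small DER reader that unwraps the BIT STRING of the posted public key and shows why a nine-INTEGER private-key parser rejects it. The toy private key is constructed for the demo and all function names are assumptions of this example.

```python
import base64

# Body of pubkey.pem exactly as posted in the thread.
THREAD_PUBKEY_B64 = """
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB
"""
INTEGER, BIT_STRING, OID, SEQUENCE = 0x02, 0x03, 0x06, 0x30
RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")   # OID 1.2.840.113549.1.1.1


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER value runs past the end of the input")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a SEQUENCE into a list of (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, item, pos = read_tlv(value, pos)
        items.append((tag, item))
    return items


def top_sequence(der):
    tag, value, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one top-level SEQUENCE")
    return children(value)


def parse_public_key(der):
    """SubjectPublicKeyInfo (the pubkey.pem layout) -> (modulus, exponent)."""
    items = top_sequence(der)
    if [tag for tag, _ in items] != [SEQUENCE, BIT_STRING]:
        raise ValueError("not a two-element SubjectPublicKeyInfo")
    algorithm = children(items[0][1])
    if not algorithm or algorithm[0] != (OID, RSA_ENCRYPTION):
        raise ValueError("algorithm is not rsaEncryption")
    bits = items[1][1]
    if not bits or bits[0] != 0:            # first byte counts unused bits
        raise ValueError("unexpected BIT STRING padding")
    inner = top_sequence(bits[1:])          # the nested DER: modulus, exponent
    if [tag for tag, _ in inner] != [INTEGER, INTEGER]:
        raise ValueError("BIT STRING does not hold an RSA public key")
    return tuple(int.from_bytes(value, "big") for _, value in inner)


def parse_private_key_public_part(der):
    """PKCS#1 private key (nine INTEGERs) -> (modulus, exponent).
    Element 1 is the version; elements 2 and 3 are modulus and public exponent."""
    items = top_sequence(der)
    if len(items) != 9 or any(tag != INTEGER for tag, _ in items):
        raise ValueError("not a nine-INTEGER RSA private key")
    return int.from_bytes(items[1][1], "big"), int.from_bytes(items[2][1], "big")


def der(tag, value):
    assert len(value) < 128                 # short-form length is enough for the toy key
    return bytes([tag, len(value)]) + value


def toy_private_key_der():
    """Constructed toy key (p=61, q=53), for exercising the parser only."""
    p, q, e = 61, 53, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in fields)
    return der(SEQUENCE, body)


def thread_public_key_der():
    return base64.b64decode(THREAD_PUBKEY_B64)


if __name__ == "__main__":
    n, e = parse_public_key(thread_public_key_der())
    print("modulus bits:", n.bit_length(), "exponent:", e)
```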

Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
Thank you very much Rob.

All good ok.


Re: Crypto RSAWithSHA1 sign

Rob Withers-2
I published our code changes into both the Cryptography repository's Cryptography package and in the Inbox's Crypto packages.
 
All tests are green.
 
Thanks, Denis!

Sent: Thursday, September 23, 2010 5:10 AM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

Thank you very much Rob.

All good ok.

2010/9/23 Rob Withers <[hidden email]>
Denis,
 
I found that when you join the "privateKey" bytes with the publicKey bytes it does nothing.  The "privateKey" bytes alone carry the public key with the private key.  The Der bytes result in a 9 element OrderedCollection and fields 2 and 3 are the exponent and modulus for the public key.
 
So I run the following to get both keys:
 

key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw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'.
 

derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream )
contents.
 
r := RSAPrivateKeyFileReader new.
r decryptedBytes: derKey.
publicKey := r asPublicKey.
privateKey := r asPrivateKey.
{publicKey. privateKey}
 
 
Now I look at the publicKey you gave me and the 2 elements of a OrderedCollection.  The second element is a BitString and if you reach in a grab the bytes, they are also DER encoded.  So decode those and you get the exponent and modulus of the publicKey.  I wrote a class attached to process an RSA Public Key.  I used the code below to process it:
 
key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.
 
derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream )
contents.
 
r := RSAPublicKeyFileReader new.
r bytes: derKey .
publicKey := r asPublicKey .
 
Thanks for the test!
 
Cheers,
Rob

Sent: Thursday, September 23, 2010 3:33 AM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

And verification work good.

I attatch new tests

2010/9/23 Denis Kudriashov <[hidden email]>
I found when I join private and public keys my code work good and I get RSAKey instance.

I join it by:

key64 := 'MIICXgIBAAKBgQDkI45GM6mYLlbxrKozE6bXWMoxvtVuIWOIF1KcGLED+4Gipriw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MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.


Why I cant read public key separetelly?

Best regards,
Denis

2010/9/23 Denis Kudriashov <[hidden email]>

Hello, Rob

I attatch public key in pem format (it corresponds private key in my test).

I try read it by:

key64 := 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox
vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh
ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ
ImTdErllmhzrTKT3YQIDAQAB'.

derKey := (Base64MimeConverter mimeDecodeToBytes:  key64 readStream ) contents.

r := RSAPrivateKeyFileReader new.
r decryptedBytes: derKey .
publicKey := r asPublicKey .

and the last line raises an error.

What do you think about this?

2010/9/22 Denis Kudriashov <[hidden email]>

Yes, I have the public key and started testing verification, but I ran into a problem and stopped for today.
I can't read the public key instance from the DER bytes (I have a PEM-formatted public key file) the same way I read the private key instance (by "aRSAPrivateKeyFileReader asPublicKey").

I think I will send you my results tomorrow.

2010/9/22 Rob Withers <[hidden email]>

Denis,
 
One other thing.  Do you have the publicKey for that privateKey you used in the test case?  We should really be checking the verification step as well.
 
Thanks,
Rob

Sent: Wednesday, September 22, 2010 9:51 AM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

Hello, Rob.

I found the solution. VW helped me very much.

Your changes are almost right.

The method SHA1 class>>digestInfoAsn1DerEncodingFromMessage: is good and placed right. But the method RSAPrivateKey>>v15SignMessageHash: is wrong:

RSAPrivateKey>>v15SignMessageHash: encodedMsg

    | padded toBeSigned |
    padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
    toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
    ^ (self crypt: toBeSigned asInteger) asByteArray.

I examined what happens in the VW code (it works well, like Java). And now I have this version:

v15SignMessageHash: encodedMsg

    | int emLen |
   
    emLen := (p * q) digitLength -1.
       
    int := LargePositiveInteger basicNew: emLen.
    " Our LargeIntegers are little endian, so we have to reverse the bytes"
    encodedMsg with: (encodedMsg size to: 1 by: -1) do: [:each :index |
        int basicAt: index put: each].
    int basicAt: encodedMsg size + 1 put: 0.

    encodedMsg size + 2 to: emLen - 1 do: [ :ind | int basicAt: ind put: 255].
    int basicAt: emLen put: 1.
   
    ^ (self crypt: int) asByteArray.


This gives me the same results as Java and VW.

I attach this method and an acceptance test for it.



2010/9/21 Rob Withers <[hidden email]>
Denis,
 
It looks like I missed step 2 on page 38.  I am not prepending the AlgorithmIdentifier and producing the DER encoding of the DigestInfo prior to padding and encrypting.  I implemented it in the attached changeset.  Please load this and test for me.
 
Note that it requires either all of Cryptography from the Cryptography repository loaded, or all of CryptoBase and CryptoCerts from the inbox.  The digest requires ASN1 encoding framework which is in the certificate package.
 
Rob
 
 

Sent: Tuesday, September 21, 2010 12:31 PM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

Denis,
 
I do not know why I was looking at PKCS#11.  The RSA spec is PKCS#1.  In that document (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) on page 25 it says:
 
"Two signature schemes with appendix are specified in this document: RSASSA-PSS and RSASSA-PKCS1-v1_5."
 
I implemented v1_5.  It may be that Java is using PSS.  I may have implemented v1.5 wrong.  The signature creation and verification algorithms start on page 30.  The encoding is on 35.
 
Rob

Sent: Tuesday, September 21, 2010 12:06 PM
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

Hi Denis,
 
I originally wrote the v15 signature methods in April of 2007.  I am currently trying to download the PKCS#11 V2.30 doc to verify, but IIRC there is more than one signature algorithm defined for RSA.  I don't recall why I chose v15.  Perhaps Java is using another RSA signature function.
 
There are no explicit tests for this signature.  There is a test inside of the CryptoX509Test  (#verifySHA1WithRSAEncryptionFromParentCertificate: ), but it isn't used as the certificate that exposed it has expired and so is failing.  I removed that certificate test.
 
Let's talk bytes...the way this works in Squeak is that the RSA pads the SHA1 hashed message and encrypts it.
 
v15SignMessage: aMessage
 
 ^ self v15SignMessageHash: (SHA1 hashMessage: aMessage).
and
 
v15SignMessageHash: encodedMsg
 
 | padded toBeSigned |
 padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
 toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
 ^ (self crypt: toBeSigned asInteger) asByteArray.
Presumably the #crypt: function will be the same in Java and Squeak given the same key.  So if there are 2 different signature functions in RSA, I would suspect that the padding would be different.
 
Still trying to download the spec....
 
What do you think?
 
Cheers,
Rob

Sent: Tuesday, September 21, 2010 11:21 AM
Subject: [squeak-dev] Crypto RSAWithSHA1 sign

Hello

Is anybody using Cryptography for RSA with SHA1 digital signatures?

I am trying to get the same result as I have in a Java program.
I have the RSA private key as a Smalltalk object. It has the same values as the Java private key object.

But the code

privateKey v15SignMessage: message asByteArray  .

returns the wrong result. It differs from the working Java test.
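
The two DER layouts Rob describes in this message (a 9-element RSAPrivateKey sequence versus a 2-element public key structure whose BIT STRING wraps another DER sequence) can be told apart by their top-level tags. The Python sketch below is an added example, not code from the thread or from the Squeak Cryptography package; the function names and the toy private key are constructed for illustration, while the public key is the one posted in the thread.

```python
import base64

# Public key as posted in the thread (base64 of the DER bytes).
THREAD_PUBLIC_KEY_B64 = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkI45GM6mYLlbxrKozE6bXWMox"
    "vtVuIWOIF1KcGLED+4GipriwNt0hkosuil513/CMjn9XBSZtaSsiIOLkXLZtbKYh"
    "ATtvODR1nD/dl0JpFH7BLcD9NGGRKOow0jg8fcPtXhLTy6Dsl7rfmVPJYuc4IlzZ"
    "ImTdErllmhzrTKT3YQIDAQAB"
)

# Constructed toy PKCS#1 RSAPrivateKey (n=3233, e=17, d=2753, p=61, q=53).
# Not from the thread; far too small for real use.
TOY_PRIVATE_KEY_DER = bytes.fromhex(
    "301d" "020100" "02020ca1" "020111" "02020ac1"
    "02013d" "020135" "020135" "020131" "020126"
)

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length


def sequence_items(der):
    """Return the (tag, value) children of a buffer holding exactly one SEQUENCE."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single DER SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        items.append((tag, value))
    return items


def rsa_public_numbers(der):
    """Return (structure name, modulus, public exponent) for either layout."""
    items = sequence_items(der)
    tags = [t for t, _ in items]
    if len(items) == 9 and all(t == 0x02 for t in tags):
        # RSAPrivateKey: version, modulus, publicExponent, then six private fields
        kind, ints = "RSAPrivateKey", items[1:3]
    elif tags == [0x30, 0x03]:
        # SubjectPublicKeyInfo: AlgorithmIdentifier, BIT STRING wrapping the key
        alg_tag, alg_oid, _ = read_tlv(items[0][1], 0)
        if alg_tag != 0x06 or alg_oid != RSA_ENCRYPTION_OID:
            raise ValueError("not an rsaEncryption key")
        bits = items[1][1]
        if not bits or bits[0] != 0:
            raise ValueError("unexpected unused bits in BIT STRING")
        kind, ints = "SubjectPublicKeyInfo", sequence_items(bits[1:])
        if [t for t, _ in ints] != [0x02, 0x02]:
            raise ValueError("expected modulus and exponent INTEGERs")
    else:
        raise ValueError("unrecognised RSA key structure")
    n, e = (int.from_bytes(v, "big") for _, v in ints)
    return kind, n, e


def thread_public_key():
    """Decode the public key posted in the thread."""
    return rsa_public_numbers(base64.b64decode(THREAD_PUBLIC_KEY_B64))
```

A reader written for the 9-integer private key layout fails on the public key file because the first child there is a SEQUENCE, not an INTEGER, which is the error reported above.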

Re: Crypto RSAWithSHA1 sign

Denis Kudriashov
Hello Rob.

I found another issue: RSA key generation.
The method RSAKeyPairGenerator>>privateKey returns an RSAKey instance instead of an RSAPrivateKey instance. I added a test:

testSignVerificationByGeneratedKeys

    | signBytes gen |
    gen := RSAKeyPairGenerator bits: 1024.   
    gen computePrimes.
   
    signBytes := gen privateKey v15SignMessage: 'hello'. 
   
    self assert: (gen publicKey v15Verify: signBytes isSignatureOf: 'hello')

And this test is broken with the existing functionality.

Now I fixed it with some based on VW classes. I attach all with the test. (It's green.)


EuclidAlgorithm.st (4K) Download Attachment
RSAKeyPairGenerator.st (3K) Download Attachment
CryptoRSATest-testSignVerificationByGeneratedKeys.st (578 bytes) Download Attachment
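
For reference, the RSASSA-PKCS1-v1_5 encoding this thread converged on, together with the sign/verify round trip exercised by the test above. This Python version is an added example, not the Squeak or VW code; the toy key built from two Mersenne primes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# DER header of DigestInfo for SHA-1: AlgorithmIdentifier plus the
# OCTET STRING tag and length; the 20-byte digest follows it.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy key from two Mersenne primes: insecure, demonstration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes (81 here)


def emsa_pkcs1_v15_sha1(message, k):
    """EM = 0x00 || 0x01 || PS || 0x00 || DigestInfo, exactly k bytes."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:                # the spec requires at least 8 bytes of PS
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def first_posted_layout(message):
    """Layout of the first v15SignMessageHash: quoted in the thread:
    bare SHA-1 hash (no DigestInfo) in a block fixed at 256 bytes."""
    h = hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (256 - len(h) - 3) + b"\x00" + h


def sign(message):
    """Sign with the toy private key; the block length follows the modulus."""
    em = emsa_pkcs1_v15_sha1(message, K)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify(signature, message):
    """Verify by re-encoding and comparing the whole block, so stray bytes
    after the digest or a shortened padding string are rejected."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15_sha1(message, K))
```

With a 1024-bit key the modulus is 128 bytes long, so the 256-byte block of the first posted method cannot match what Java produces even before the missing DigestInfo is considered.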

Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Hi Denis,
 
Nice find and thanks for fixing it and testing it.  I have integrated it into the various Cryptography packages (*see below*) and published.  All tests green.
 
I am maintaining 2 parallel Monticello package streams for Cryptography until we can figure out what will go into the Trunk and what will remain separate.  The original Cryptography package in the Cryptography repository has been updated.   The new CryptoCore, CryptoCoreTests, CryptoExtras, CryptoExtrasTests, CryptoCerts and CryptoCertsTests have all been updated and published to the Inbox.  All tests green in both streams.
 
Rob


Re: Crypto RSAWithSHA1 sign

Chris Muller-3
Hi Rob,

> I am maintaining 2 parallel Monticello package streams for Cryptography
> until we can figure out what will go into the Trunk and what will remain
> separate.

Are you saying the packages are identical except for the package-names
"Crypto" vs. "Cryptography"?

Thanks,
  Chris


Re: Crypto RSAWithSHA1 sign

Rob Withers-2


--------------------------------------------------
From: "Chris Muller" <[hidden email]>
Sent: Sunday, October 03, 2010 5:33 PM
To: "The general-purpose Squeak developers list"
<[hidden email]>
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

> Hi Rob,
>
>> I am maintaining 2 parallel Monticello package streams for Cryptography
>> until we can figure out what will go into the Trunk and what will remain
>> separate.
>
> Are you saying the packages are identical except for the package-names
> "Crypto" vs. "Cryptography"?
>

Hi Chris,

Well, it is slightly more complicated than that.

There is the Cryptography package in the Cryptography repository.  It holds
all cryptography code (other than plugin code).

Then there is the "set" of Crypto packages in the Inbox repository.  This
set is the contents of the Cryptography package, broken down into
sub-packages.  There is
    CryptoCore
    CryptoCoreTests
    CryptoExtras
    CryptoExtrasTests
    CryptoCerts
    CryptoCertsTests.

The latest plan I heard was that
CryptoCore/CryptoCoreTests/CryptoExtras/CryptoExtrasTests would all go into
the Trunk, leaving CryptoCerts/CryptoCertsTests to reside in the
Cryptography repository.

HTH,
Rob

> Thanks,
>  Chris
>
>


Re: Crypto RSAWithSHA1 sign

Chris Muller-3
> The latest plan I heard was that
> CryptoCore/CryptoCoreTests/CryptoExtras/CryptoExtrasTests would all go into
> the Trunk, leaving CryptoCerts/CryptoCertsTests to reside in the
> Cryptography repository.

Ok, but I would just like to rename them back to Cryptography before
we put them into trunk.


Re: Crypto RSAWithSHA1 sign

Rob Withers-2
Hi Andreas,

Is the following alright with you?

1- Combine CryptoCore and CryptoExtras, name it CryptographyCore, publish to
Inbox and brought into Trunk soon (when?).
2- Combine CryptoCoreTests and CryptoExtrasTests, name it
CryptographyCoreTests, publish to Inbox and brought into Trunk soon (when?).
3- Rename CryptoCerts to Certificates, published to Cryptography repository.
4- Rename CryptoCertsTests to CertificatesTests, published to Cryptography
repository.

If you agree, I'll do the work tonight.

Thanks,
Rob

--------------------------------------------------
From: "Chris Muller" <[hidden email]>
Sent: Tuesday, October 05, 2010 3:10 PM
To: "The general-purpose Squeak developers list"
<[hidden email]>
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign

>> The latest plan I heard was that
>> CryptoCore/CryptoCoreTests/CryptoExtras/CryptoExtrasTests would all go
>> into
>> the Trunk, leaving CryptoCerts/CryptoCertsTests to reside in the
>> Cryptography repository.
>
> Ok, but I would just like to rename them back to Cryptography before
> we put them into trunk.
>
>