DigitalSignatureAlgorithm Errors

DigitalSignatureAlgorithm Errors

Laurence Rozier
Hi,

My goal is to be able to sign messages for Amazon Web Services and initially I ran into the issue of how the secret key is represented. DSA expects the key to be part of a 4 element array, but what I have from Amazon is a single 40 character string. This is a new domain for me so I decided to first make sure I could use/understand the implementation as is. However, class methods such as example and timeDecode: fail with:

ERROR! Signature verification failed

I reimplemented the examples using generateKeySet instead of testKeySet but still get the same failures. Also when I tried to use initRandomNonInteractively to prevent having to constantly type in long strings, Squeak crashed under OS/X (works fine under Windows). Apparently SoundService>>randomBitsFromSoundInput: is the culprit (I've reported this on Mantis). Can anyone point me to working examples?

TIA,

Laurence





RE: DigitalSignatureAlgorithm Errors

Ron Teitelbaum

Hi Laurence,

I’m not sure I understand what it is you are doing.  Can you tell me what version you are using?  I checked the error you reported on my Windows XP system but as you said it works on Windows.  There is little I can do about OS/X.  But the examples you cited also use random typed in characters instead.  There are other solutions such as SecureRandom available at: www.squeaksource.com/Cryptography.  We can talk about that if we get past this first part.

I tried an example (I’m in Squeak 3.9b-7051) and it appears to be working fine.  Here’s what I did.

First I generated a key set.

keys := DigitalSignatureAlgorithm generateKeySet.

Here is the set I got.

#(#(11634065363621815767637298292695842594730176052067637773680192524455869230234173758150452925415401529778606418101117414536443374158088844168026367876825953 1375050214541076916535442310710144083780809418779 920725864083239042384763588357726013524708007928670717057302077747624160900068797037078329489496608106957529640438460571120920055161304057825269023490861 1115914113083931179608861092566623278044302408799) #(11634065363621815767637298292695842594730176052067637773680192524455869230234173758150452925415401529778606418101117414536443374158088844168026367876825953 1375050214541076916535442310710144083780809418779 920725864083239042384763588357726013524708007928670717057302077747624160900068797037078329489496608106957529640438460571120920055161304057825269023490861 3955661015744856694707104263792232810044012932353264459926493154700610520372070161850876172559264752858509825362513967683454046220684740679273580024936255))

 

Don’t use this key set since it is now public.

Then I signed a message: ‘hello’ with the first key

DigitalSignatureAlgorithm sign: 'hello' privateKey: keys first.

And got a signature:

'[DSA digital signature 54804CFBDB9D12EA008D7C56D46FED9EB118CA0E 834CCB8563F5B863B8041D20F2C6D9C89E120DF3]'

So if you send the message along with the public key (keys last) then they can verify the signature with:

DigitalSignatureAlgorithm verify: '[DSA digital signature 54804CFBDB9D12EA008D7C56D46FED9EB118CA0E 834CCB8563F5B863B8041D20F2C6D9C89E120DF3]' isSignatureOf: 'hello' publicKey: keys last

For me this came out as true.

Now I’m not sure what the 40 characters from Amazon are.  The number of characters does not make someone think of a key.  It could be a message that you are supposed to sign and send back, a secret message if you will.  That way they can verify your signature since supposedly only you and they know the 40 byte message.  You would send back the signature and not the message, since they know what it is already.  Still that’s just a guess.  Maybe someone else that works with Amazon can tell us.

I hope that helps.

Happy coding!

Ron Teitelbaum

Squeak Cryptography Team Leader

 

 



Re: DigitalSignatureAlgorithm Errors

Laurence Rozier
Thanks Ron. I'm doing this in the 3.8. Under WinXP, when I follow your steps exactly, the result of the verify is false. To be clear, when I generate the keyset with:

keys := DigitalSignatureAlgorithm generateKeySet.

I'm asked if I want to generate the random seed from sound input and I respond yes. I get what appears to be a valid keyset. Then I sign the phrase 'hello'

DigitalSignatureAlgorithm sign: 'hello' privateKey: keys first.  And got a signature:

and after entering a long string, I get what appears to be a valid signature.  However, when I send verify:isSignatureOf:publicKey: the result is false.

I'm going to try under 3.9 this evening and will let you know.

When you sign up at Amazon Web Services, you are given an access id which is public and AWS generates the 40 character alphanumeric secret key to be used to sign a SHA1 hash that is passed in with requests. This method is used for all AWS services that require authentication.
Laurence


Re: DigitalSignatureAlgorithm Errors

Laurence Rozier
In reply to this post by Ron Teitelbaum
Ron,

Everything works fine in 3.9 although under OS/X there is still the problem with randomBitsFromSoundInput: but I can live with that for the moment. Any suggestions as to how to resolve the 3.8 problem?

TIA,
Laurence



RE: DigitalSignatureAlgorithm Errors

Ron Teitelbaum

Laurence,

I found the error on 3.8, thanks for reporting the issue.  The fix is attached and I also entered a bug with the fix on Mantis: http://bugs.impara.de/view.php?id=4476

The issue was the way 3.8 was writing out the signature which had already been fixed (as you know) on 3.9.

Ron Teitelbaum

Squeak Cryptography Team Leader

 


Attachment: DigitalSignatureAlgorithm-signatureToString.st (612 bytes)
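
The sign, write-out, read-back and verify sequence discussed in the two replies above, as an added example in Python (not Squeak code and not the attached fix). The DSA parameters are constructed toy values, the 40-hex-digit text layout is assumed from the signature printed in the thread, and `unpadded_to_string` is a hypothetical faulty writer; the thread does not say what the 3.8 defect was.

```python
import hashlib
import re
import secrets

# Constructed toy DSA parameters, far too small for real use:
# Q is prime, P = 6*Q + 1 is prime, G = 2**6 mod P has order Q.
P, Q, G = 607, 101, 64
X = 57                    # constructed private key
Y = pow(G, X, P)          # matching public key

# Text form as printed in the thread; two 40-digit upper-case hex
# fields is an assumption read off that one sample.
SIG_RE = re.compile(r"\[DSA digital signature ([0-9A-F]{40}) ([0-9A-F]{40})\]")
PAGE_SIG = ("[DSA digital signature 54804CFBDB9D12EA008D7C56D46FED9EB118CA0E "
            "834CCB8563F5B863B8041D20F2C6D9C89E120DF3]")


def sha1_int(message):
    """SHA-1 of the UTF-8 message as a big-endian integer."""
    return int.from_bytes(hashlib.sha1(message.encode("utf-8")).digest(), "big")


def sign(message, x):
    """Textbook DSA signing; returns the integer pair (r, s)."""
    h = sha1_int(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1      # fresh secret nonce in [1, Q-1]
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (h + x * r)) % Q
        if r and s:                           # DSA requires both to be non-zero
            return r, s


def verify(message, r, s, y):
    """Textbook DSA verification, including the range check on r and s."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (sha1_int(message) * w) % Q
    u2 = (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P)) % P % Q == r


def to_string(r, s):
    """Writer: fixed-width, zero-padded, upper-case hex."""
    return f"[DSA digital signature {r:040X} {s:040X}]"


def unpadded_to_string(r, s):
    """Hypothetical faulty writer that drops the zero padding."""
    return f"[DSA digital signature {r:X} {s:X}]"


def from_string(text):
    """Strict reader: anything that is not the exact layout is rejected."""
    m = SIG_RE.fullmatch(text)
    if m is None:
        raise ValueError("not a well-formed DSA signature string")
    return int(m.group(1), 16), int(m.group(2), 16)


def round_trip_ok(message, writer=to_string):
    """Sign, serialize with `writer`, parse back, and verify the parsed pair."""
    r, s = sign(message, X)
    try:
        r2, s2 = from_string(writer(r, s))
    except ValueError:
        return False
    return (r2, s2) == (r, s) and verify(message, r2, s2, Y)


if __name__ == "__main__":
    print(round_trip_ok("hello"))                             # True
    print(round_trip_ok("hello", writer=unpadded_to_string))  # False
    print(from_string(PAGE_SIG) == from_string(to_string(*from_string(PAGE_SIG))))
```

Running the round trip as a regression test on every image version would flag a writer/reader mismatch before a signature that is numerically correct is reported as failing verification.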

Re: DigitalSignatureAlgorithm Errors

Laurence Rozier
Works as expected - thanks!
