I want to create a signature for a file using OpenSSL.
I believe that my result should match the testfile.sig generated by openssl this way:
$ openssl dgst -sha1 -binary < testfile > testfile.sha1
$ openssl rsautl -sign -in testfile.sha1 -inkey rsa_private.pem -keyform PEM -out testfile.sig
$ openssl rsautl -verify -inkey rsa_public.pem -pubin -in testfile.sig -hexdump
Loading 'screen' into random state - done
0000 - 9f 23 88 15 2b af d6 a6-9f 4f 1f 7e ee b0 90 dd .#..+....O.~....
0010 - 69 99 2b 3d i.+=
So, I used the code by caf that was posted here:
How to read key file for use with HMAC_Init_ex()
and just added a small piece to save the data after EVP_SignFinal() to a file, so then I
could just verify it with openssl and the public key:
FILE * fp = fopen("out.sig", "wb");
if (fp) {
printf("Writing the signature in a file. # of bytes: %u.\n", sig_len);
fwrite(sig, 1, sig_len, fp);
fclose(fp);
}
And to my suprise, I got this:
$ openssl rsautl -verify -inkey rsa_public.pem -pubin -in out.sig -hexdump
Loading 'screen' into random state - done
0000 - 30 21 30 09 06 05 2b 0e-03 02 1a 05 00 04 14 9f 0!0...+.........
0010 - 23 88 15 2b af d6 a6 9f-4f 1f 7e ee b0 90 dd 69 #..+....O.~....i
0020 - 99 2b 3d .+=
Now, if you observe the output of the verification of out.sig, you’ll see that the last 20
bytes match the data output of the verification of testfile.sig. And those 20 bytes are
indeed the SHA-1 hash of my file. But what are the first 15 bytes at the beginning?
Isn’t EVP_SignInit() / EVP_SignUpdate() / EVP_SignFinal() supposed to put only the hash in
the message, or am I missing something obvious?
If you need more info, please let me know.
Thanks
Full function that was uset to sign the file:
int do_evp_sign(FILE * rsa_pkey_file, FILE * in_file)
{
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
EVP_PKEY * pkey = PEM_read_PrivateKey(rsa_pkey_file, NULL, NULL, NULL);
if (pkey == NULL) {
ERR_print_errors_fp(stderr);
return 1;
}
fseek(in_file, 0, SEEK_END);
const size_t lSize = ftell(in_file);
rewind(in_file);
EVP_MD_CTX md_ctx;
EVP_SignInit(&md_ctx, EVP_sha1());
size_t len;
unsigned char buffer[4096];
size_t bytesLeft = lSize;
while (bytesLeft > 0) {
const size_t count = (bytesLeft > sizeof(buffer) ? sizeof(buffer) : bytesLeft);
len = fread(buffer, 1, count, in_file);
if (len != count) {
fprintf(stderr, "Read error! len (%u) != count (%u).\n", len, count);
EVP_PKEY_free(pkey);
return 1;
}
if (!EVP_SignUpdate(&md_ctx, buffer, len))
{
ERR_print_errors_fp(stderr);
EVP_PKEY_free(pkey);
return 1;
}
bytesLeft -= len;
}
unsigned int sig_len;
unsigned char * sig = (unsigned char *)malloc(EVP_PKEY_size(pkey));
if (!sig) {
fprintf(stderr, "Couldn't allocate %u bytes of memory.\n", EVP_PKEY_size(pkey));
EVP_PKEY_free(pkey);
return 1;
}
if (!EVP_SignFinal(&md_ctx, sig, &sig_len, pkey))
{
ERR_print_errors_fp(stderr);
EVP_PKEY_free(pkey);
free(sig);
return 1;
}
FILE * fTemp = fopen("out.sig", "wb");
if (fTemp) {
printf("Writing the signature to a file. Number of bytes: %u.\n", sig_len);
fwrite(sig, 1, sig_len, fTemp);
fclose(fTemp);
}
printf("Signature: \n");
for (unsigned int i = 0; i != sig_len; ++i)
{
printf("%02x", sig[i]);
if (i % 16 == 15)
printf("\n");
}
printf("\n");
EVP_PKEY_free(pkey);
free(sig);
return 0;
}
What you have there is an ASN.1 encoding of the hash value.
How exactly did you generate the digest (in code)? It looks like whatever you used converted it to ASN.1 instead of leaving it “raw”, and that’s what you signed.