GPG Signature Verification

Paul Taukatch ptauk at us.ibm.com
Thu Apr 27 17:30:33 CEST 2017


This was exactly the issue! I was originally using the bouncy castle
ASN1Encodable library to generate the encoded hash value which for some
reason does not seem to produce the value defined/expected by the PGP.
Instead I now just use ASN1 full hash prefixes defined in the RFC directly
and the issue was resolved.

Very much appreciated Peter!

Thanks,
Paul Taukatch
Advanced Technologies Team / zOS Cloud Crypto




From:	Peter Lebbing <peter at digitalbrains.com>
To:	Paul Taukatch/Poughkeepsie/IBM at IBMUS, gnupg-users at gnupg.org
Date:	04/26/2017 06:24 AM
Subject:	Re: GPG Signature Verification



On 24/04/17 19:23, Peter Lebbing wrote:
> The part of "cmp" that would correspond to the constant part of the DER
> encoding I do not recognise.

It is still proper ASN.1, but it encodes a slightly different structure.

I wondered whether it was DER encoded or BER encoded, because I read
that BER was valid for old PKCS#1 v1.5 structures. DER is a subset of
BER. If the Python ASN.1 module pyasn1 rejects malformed DER encoding
then it is proper DER; or would pyasn1 be liberal in what it accepts?

Anyway, the two ASN.1 encoded objects are slightly different:

$ python
[...]
>>> import pyasn1.codec.der.decoder
>>> sha256der = b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02
\x01\x05\x00\x04\x20' + chr(0)*32
>>> unknown_enc=b'\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02
\x01\x04\x20'+chr(0)*32
>>> pyasn1.codec.der.decoder.decode(sha256der)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0,
ObjectIdentifier(2.16.840.1.101.3.4.2.1)).setComponentByPosition(1, Null
(''))).setComponentByPosition(1, OctetString
(hexValue='0000000000000000000000000000000000000000000000000000000000000000')),
 '')
>>> pyasn1.codec.der.decoder.decode(unknown_enc)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0,
ObjectIdentifier(2.16.840.1.101.3.4.2.1))).setComponentByPosition(1,
OctetString
(hexValue='0000000000000000000000000000000000000000000000000000000000000000')),
 '')

There's an extra setComponentByPosition(1, Null('')) in the properly
encoded ASN.1. It would appear that the library you're using *is*
trying to generate a PKCS#1 v1.5 message, but that it ends up with a
slightly different DER encoding than what is defined for OpenPGP. You
will have to find a way to generate a EMSA-PKCS1-v1_5 structure that is
compatible to RFC 4880 (and RFC 3447 PKCS #1 Version 2.1).

I don't know much about ASN.1, so I can't really say anything useful
about the results of the experiment above.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

[attachment "signature.asc" deleted by Paul Taukatch/Poughkeepsie/IBM]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170427/da037352/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: </pipermail/attachments/20170427/da037352/attachment-0001.gif>


More information about the Gnupg-users mailing list