0

I am able to sign and verify an ECDSA signature with the commands:

openssl dgst -sha256 -sign privateKey.pem data.txt > sign_data,txt
openssl dgst -sha256 -verify publicKey.pem -signature sign_data.txt data.txt

The output for the verification command is:

 Verified OK

However, when I am sending my signed request to the server, I am getting an error saying that my signature was invalid. In my application, I am calling the above sign commands and then I am reading the signature (using python) as:

 signature = open('sign_data.txt','rb').read()

Given these circumstances, can I be sure that there is no problem with the signature value and that another processing error occurred. In other words, could it be possible that the receiver can still reject a signature even if the above openssl passed the tests?

user100123122
  • 309
  • 4
  • 11
  • Sure, wrong public key or even domain parameters (i.e. curve name) would do it. Wrong hash algorithm. Is the signature really text? Because if not, the signature may have changed if it was treated as text. Similarly, if the plaintext is not the same *byte for byte* then yeah, you get my drift.... Welcome to cryptography, where any mistake will get you the same error. – Maarten Bodewes Mar 02 '21 at 01:03
  • Thanks for pointing this out. My workflow for signing is: 1.) Extract XML and canonicalize (in data.txt) 2.) sign with ecdsa-sha256 (output in sign_data.txt) and 3.) base64 encode the result. How should I save the data.txt and sign_data.txt (what extensions to use)? I presume these will be arbitrary binary data. – user100123122 Mar 02 '21 at 01:10
  • The ideas you've posted are OK, but canonicalization of XML data is very tricky (there is a reason that this is specified exactly in XML-digsig). Without more code it will be tricky to find out what goes wrong... Oh, you could also be using the wrong algorithm, forgot that one. Or perform dual hashing. So many options. – Maarten Bodewes Mar 02 '21 at 08:16
  • I updated the post to include more context. Basically, I am certain that my computation of the DigestValues and the XML Canonicalization are correct. The only issue I am having is the computation of the SignatureValue. Do the OS commands correspond to the signature method in the XML document? – user100123122 Mar 02 '21 at 17:48
  • 1
    **There are two common formats for ECDSA (and DSA) signatures:** OpenSSL uses ASN.1-DER but [xmldsig uses 'plain'](https://www.w3.org/TR/xmldsig-core2/#sec-ECDSA). See https://stackoverflow.com/questions/50304509/is-python-ecdsa-signature-size-correct https://stackoverflow.com/questions/44807170/openssl-ecdsa-signatures-longer-than-expected https://stackoverflow.com/questions/49974441/extracting-r-s-and-verifying-ecdsa-signature-remotely https://stackoverflow.com/questions/48530316/what-is-the-output-format-of-the-sha256withecdsa-signature-algorithm – dave_thompson_085 Mar 04 '21 at 22:30
  • There is a syntax ERROR in signature filename. Replace "comma" with "dot" like: `sign_data,txt` with `sign_data.txt` in first line. – Cyborg Jul 03 '23 at 15:27

0 Answers0