diff options
Diffstat (limited to 'pipermail/pycrypto/attachments/20140408/670eecf2/attachment.html')
-rw-r--r-- | pipermail/pycrypto/attachments/20140408/670eecf2/attachment.html | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20140408/670eecf2/attachment.html b/pipermail/pycrypto/attachments/20140408/670eecf2/attachment.html new file mode 100644 index 0000000..669e293 --- /dev/null +++ b/pipermail/pycrypto/attachments/20140408/670eecf2/attachment.html @@ -0,0 +1,141 @@ +<tt> +<div dir="ltr"><div>I am glad I could help.<br><br>To be honest, I find that the DSA.verify() should be completely avoided. It is a really primitive API.<br><br></div>The proposal I captured in the pull request below, accepts DER and pure big endian and takes care of hashing internally (plus it allows for Deterministic DSA, which is safer than standard DSA).<br><br> +<div><div><div class="gmail_extra"><br><div class="gmail_quote">2014-04-08 13:45 GMT+02:00 Winston Weinert <span dir="ltr"><<a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br> +<div style="word-wrap:break-word"><div>Thank you for your patience.</div><div><br></div><div>Unbeknownst to me what I wanted is indeed the sha1 digest of the zipfile’s sha1 digest. (So the first suggestion you wrote is what I needed.) It sounds funny, though is is how the library (the Sparkle Update Framework) I’m writing tools for does it.</div><br> +<div><br></div><div>Is it worthwhile for me to open a pull request enabling DSA.verify() to accept a base64 or the ASN.1 DER bytestring instead of the (r, s) tuple?</div><div><br></div><div>--</div><div>Winston</div><div><br> +<div class="h5"><div><br></div><br><div><div>On Apr 7, 2014, at 6:50, Legrandin <<a href="mailto:helderijs@gmail.com" target="_blank">helderijs@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div><br> +The openssl code is using SHA-1 twice: once to create the digest of the archive (dgst -sha1) and a second time when computing the DSA signature (dgst -dss1).<br><br></div>If your goal is to sign the hash, the Python code should actually read:<br><br> +<br> +<br>>> return pubkey.verify(SHA1.new(zipfile_digest).digest(), signature)<br><br><div><div class="gmail_extra">If your goal is to sign only the archive, the openssl code should be:<br><br>>> | openssl dgst -dss1 -sign "$DSA_PRIVKEY" < "$RELEASE_ARCHIVE" \<br><br> +<br> +<br> +>> | openssl enc -base64<br><br> +<br><div class="gmail_quote">2014-04-07 0:49 GMT+02:00 Winston Weinert <span dir="ltr"><<a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br> +<br> +The signature is created using the openssl(1) command-line tool like this:<br><br> +<br><br> +openssl dgst -sha1 -binary < "$RELEASE_ARCHIVE" \<br><br> +| openssl dgst -dss1 -sign "$DSA_PRIVKEY" \<br><br> +| openssl enc -base64<br><br> +<br><br> +It verifies correctly using this command-line:<br><br> +<br><br> +echo "$SIGNATURE” | openssl enc -base64 -d > /tmp/decoded_signature<br><br> +openssl dgst -sha1 -binary < "$RELEASE_ARCHIVE" > /tmp/release_archive_sha1<br><br> +openssl dgst -dss1 -verify "$DSA_PUBKEY" -signature /tmp/decoded_signature /tmp/release_archive_sha1<br><br> +<br><br> +After I wrote my email, I dug around for awhile. After a lot of research I learned<br><br> +about ASN.1 DER’s usage in Dss-Sig-Value (<a href="http://www.ietf.org/rfc/rfc2459.txt" target="_blank">http://www.ietf.org/rfc/rfc2459.txt</a>). I<br><br> +wrote this code that appeared to decode my Base64 encoded signature correctly (I<br><br> +checked against <a href="http://lapo.it/asn1js/" target="_blank">http://lapo.it/asn1js/</a>):<br><br> +<br><br> +def decode_DSA_signature(signature):<br><br> + raw_signature = base64.b64decode(signature)<br><br> + der = DerSequence()<br><br> + der.decode(raw_signature)<br><br> + return (der[0], der[1])<br><br> +<br><br> +Unfortunately .verify() returns False on correctly verified signature and hash<br><br> +pairs. I am using this new function like so:<br><br> +<div><br><br> +<br><br> +def validate(dsa_pubkey, signature, zipfile):<br><br> + with open(dsa_pubkey, 'rb') as f:<br><br> + pubkey = DSA.importKey(f.read())<br><br> + with open(zipfile, 'rb') as f:<br><br> + h = SHA1.new()<br><br> + h.update(f.read())<br><br> + zipfile_digest = h.digest()<br><br> +</div> signature = decode_DSA_signature(signature)<br><br> +<br><br> + return pubkey.verify(zipfile_digest, signature)<br><br> +<br><br> +Maybe there is a problem with PyCrypto DSA and my environment?<br><br> +>>> sys.version<br><br> +'2.7.6 (default, Feb 7 2014, 12:51:34) \n[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79)]'<br><br> +<br><br> +For the time being I’m invoking openssl(1) for this task.<br><br> +<br><br> +Thank you for the reply!<br><br> +<span><font color="#888888">Winston Weinert<br><br> +</font></span><div><div><br><br> +<br><br> +On Apr 6, 2014, at 4:50, Legrandin <<a href="mailto:helderijs@gmail.com" target="_blank">helderijs@gmail.com</a>> wrote:<br><br> +<br><br> +> How was the signature created exactly?<br><br> +><br><br> +> The .verify() method of a DSA object requires two integers, and there are several ways to encode them into a bytestring. It's very hard to guess the correct one for your case.<br><br> +><br><br> +> FYI, there is a long standing pull request I created to add a saner DSA API:<br><br> +><br><br> +> <a href="https://github.com/dlitz/pycrypto/pull/53" target="_blank">https://github.com/dlitz/pycrypto/pull/53</a><br><br> +><br><br> +> The verification method accepts DER or big-endian encoded signatures.<br><br> +><br><br> +><br><br> +><br><br> +> 2014-04-05 21:03 GMT+02:00 Winston Weinert <<a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a>>:<br><br> +> Hello,<br><br> +><br><br> +> I noticed in Git there is a “verify” method on Crypto.PublicKey.DSA. How do<br><br> +> I go about using this method? It wants a tuple, but unsure how to create<br><br> +> the appropriate tuple from my bytestring (which is decoded base64 text).<br><br> +> This is git revision 2d1aecd. The relevant code and error:<br><br> +><br><br> +> Code:<br><br> +><br><br> +> def validate(dsa_pubkey, signature, zipfile):<br><br> +> with open(dsa_pubkey, 'rb') as f:<br><br> +> pubkey = DSA.importKey(f.read())<br><br> +> with open(zipfile, 'rb') as f:<br><br> +> h = SHA1.new()<br><br> +> h.update(f.read())<br><br> +> zipfile_digest = h.digest()<br><br> +> decoded_signature = base64.b64decode(signature)<br><br> +><br><br> +> return pubkey.verify(zipfile_digest, decoded_signature)<br><br> +><br><br> +> Error:<br><br> +><br><br> +> Traceback (most recent call last):<br><br> +> File "sparkle_tool.py", line 67, in <module><br><br> +> validate_files(appcast, dsa_pubkey)<br><br> +> File "sparkle_tool.py", line 55, in validate_files<br><br> +> if validate(dsa_pubkey, signature, local_file):<br><br> +> File "sparkle_tool.py", line 33, in validate<br><br> +> return pubkey.verify(zipfile_digest, decoded_signature)<br><br> +> File "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py", line 222, in verify<br><br> +> return pubkey.pubkey.verify(self, M, signature)<br><br> +> File "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/pubkey.py", line 126, in verify<br><br> +> return self._verify(M, signature)<br><br> +> File "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py", line 240, in _verify<br><br> +> (r, s) = sig<br><br> +> ValueError: too many values to unpack<br><br> +><br><br> +> Thanks a bunch!<br><br> +> —<br><br> +> Winston Weinert<br><br> +> <a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a><br><br> +> _______________________________________________<br><br> +> pycrypto mailing list<br><br> +> <a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br> +> <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +><br><br> +> _______________________________________________<br><br> +> pycrypto mailing list<br><br> +> <a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br> +> <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +<br><br> +_______________________________________________<br><br> +pycrypto mailing list<br><br> +<a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +</div></div></blockquote></div><br></div></div></div><br> +_______________________________________________<br>pycrypto mailing list<br><a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +</blockquote></div><br></div></div></div><br>_______________________________________________<br><br> +pycrypto mailing list<br><br> +<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +<br></blockquote></div><br></div></div></div></div><br> + +</tt> |