1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] Verify DSA bytestring signature
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Verify%20DSA%20bytestring%20signature&In-Reply-To=%3CCAGfyce0fCJCuwudpMhZ4Sg4yfmSqy-eCAb4ojv5-K2tGj_wRgA%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000795.html">
<LINK REL="Next" HREF="000797.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] Verify DSA bytestring signature</H1>
<B>Legrandin</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Verify%20DSA%20bytestring%20signature&In-Reply-To=%3CCAGfyce0fCJCuwudpMhZ4Sg4yfmSqy-eCAb4ojv5-K2tGj_wRgA%40mail.gmail.com%3E"
TITLE="[pycrypto] Verify DSA bytestring signature">helderijs at gmail.com
</A><BR>
<I>Tue Apr 8 08:44:19 PDT 2014</I>
<P><UL>
<LI>Previous message: <A HREF="000795.html">[pycrypto] Verify DSA bytestring signature
</A></li>
<LI>Next message: <A HREF="000797.html">[pycrypto] Linking Against Non-Sytem libgmp
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#796">[ date ]</a>
<a href="thread.html#796">[ thread ]</a>
<a href="subject.html#796">[ subject ]</a>
<a href="author.html#796">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>I am glad I could help.
To be honest, I find that the DSA.verify() should be completely avoided. It
is a really primitive API.
The proposal I captured in the pull request below, accepts DER and pure big
endian and takes care of hashing internally (plus it allows for
Deterministic DSA, which is safer than standard DSA).
2014-04-08 13:45 GMT+02:00 Winston Weinert <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">winston at ml1.net</A>>:
><i> Thank you for your patience.
</I>><i>
</I>><i> Unbeknownst to me what I wanted is indeed the sha1 digest of the zipfile's
</I>><i> sha1 digest. (So the first suggestion you wrote is what I needed.) It
</I>><i> sounds funny, though is is how the library (the Sparkle Update Framework)
</I>><i> I'm writing tools for does it.
</I>><i>
</I>><i> Is it worthwhile for me to open a pull request enabling DSA.verify() to
</I>><i> accept a base64 or the ASN.1 DER bytestring instead of the (r, s) tuple?
</I>><i>
</I>><i> --
</I>><i> Winston
</I>><i>
</I>><i>
</I>><i> On Apr 7, 2014, at 6:50, Legrandin <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">helderijs at gmail.com</A>> wrote:
</I>><i>
</I>><i> The openssl code is using SHA-1 twice: once to create the digest of the
</I>><i> archive (dgst -sha1) and a second time when computing the DSA signature
</I>><i> (dgst -dss1).
</I>><i>
</I>><i> If your goal is to sign the hash, the Python code should actually read:
</I>><i>
</I>><i> >> return pubkey.verify(SHA1.new(zipfile_digest).digest(), signature)
</I>><i>
</I>><i> If your goal is to sign only the archive, the openssl code should be:
</I>><i>
</I>><i> >> | openssl dgst -dss1 -sign "$DSA_PRIVKEY" < "$RELEASE_ARCHIVE" \
</I>><i> >> | openssl enc -base64
</I>><i>
</I>><i> 2014-04-07 0:49 GMT+02:00 Winston Weinert <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">winston at ml1.net</A>>:
</I>><i>
</I>>><i> The signature is created using the openssl(1) command-line tool like this:
</I>>><i>
</I>>><i> openssl dgst -sha1 -binary < "$RELEASE_ARCHIVE" \
</I>>><i> | openssl dgst -dss1 -sign "$DSA_PRIVKEY" \
</I>>><i> | openssl enc -base64
</I>>><i>
</I>>><i> It verifies correctly using this command-line:
</I>>><i>
</I>>><i> echo "$SIGNATURE" | openssl enc -base64 -d > /tmp/decoded_signature
</I>>><i> openssl dgst -sha1 -binary < "$RELEASE_ARCHIVE" >
</I>>><i> /tmp/release_archive_sha1
</I>>><i> openssl dgst -dss1 -verify "$DSA_PUBKEY" -signature
</I>>><i> /tmp/decoded_signature /tmp/release_archive_sha1
</I>>><i>
</I>>><i> After I wrote my email, I dug around for awhile. After a lot of research
</I>>><i> I learned
</I>>><i> about ASN.1 DER's usage in Dss-Sig-Value (
</I>>><i> <A HREF="http://www.ietf.org/rfc/rfc2459.txt">http://www.ietf.org/rfc/rfc2459.txt</A>). I
</I>>><i> wrote this code that appeared to decode my Base64 encoded signature
</I>>><i> correctly (I
</I>>><i> checked against <A HREF="http://lapo.it/asn1js/">http://lapo.it/asn1js/</A>):
</I>>><i>
</I>>><i> def decode_DSA_signature(signature):
</I>>><i> raw_signature = base64.b64decode(signature)
</I>>><i> der = DerSequence()
</I>>><i> der.decode(raw_signature)
</I>>><i> return (der[0], der[1])
</I>>><i>
</I>>><i> Unfortunately .verify() returns False on correctly verified signature and
</I>>><i> hash
</I>>><i> pairs. I am using this new function like so:
</I>>><i>
</I>>><i>
</I>>><i> def validate(dsa_pubkey, signature, zipfile):
</I>>><i> with open(dsa_pubkey, 'rb') as f:
</I>>><i> pubkey = DSA.importKey(f.read())
</I>>><i> with open(zipfile, 'rb') as f:
</I>>><i> h = SHA1.new()
</I>>><i> h.update(f.read())
</I>>><i> zipfile_digest = h.digest()
</I>>><i> signature = decode_DSA_signature(signature)
</I>>><i>
</I>>><i> return pubkey.verify(zipfile_digest, signature)
</I>>><i>
</I>>><i> Maybe there is a problem with PyCrypto DSA and my environment?
</I>>><i> >>> sys.version
</I>>><i> '2.7.6 (default, Feb 7 2014, 12:51:34) \n[GCC 4.2.1 Compatible Apple
</I>>><i> LLVM 5.0 (clang-500.2.79)]'
</I>>><i>
</I>>><i> For the time being I'm invoking openssl(1) for this task.
</I>>><i>
</I>>><i> Thank you for the reply!
</I>>><i> Winston Weinert
</I>>><i>
</I>>><i>
</I>>><i> On Apr 6, 2014, at 4:50, Legrandin <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">helderijs at gmail.com</A>> wrote:
</I>>><i>
</I>>><i> > How was the signature created exactly?
</I>>><i> >
</I>>><i> > The .verify() method of a DSA object requires two integers, and there
</I>>><i> are several ways to encode them into a bytestring. It's very hard to guess
</I>>><i> the correct one for your case.
</I>>><i> >
</I>>><i> > FYI, there is a long standing pull request I created to add a saner DSA
</I>>><i> API:
</I>>><i> >
</I>>><i> > <A HREF="https://github.com/dlitz/pycrypto/pull/53">https://github.com/dlitz/pycrypto/pull/53</A>
</I>>><i> >
</I>>><i> > The verification method accepts DER or big-endian encoded signatures.
</I>>><i> >
</I>>><i> >
</I>>><i> >
</I>>><i> > 2014-04-05 21:03 GMT+02:00 Winston Weinert <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">winston at ml1.net</A>>:
</I>>><i> > Hello,
</I>>><i> >
</I>>><i> > I noticed in Git there is a "verify" method on Crypto.PublicKey.DSA.
</I>>><i> How do
</I>>><i> > I go about using this method? It wants a tuple, but unsure how to create
</I>>><i> > the appropriate tuple from my bytestring (which is decoded base64 text).
</I>>><i> > This is git revision 2d1aecd. The relevant code and error:
</I>>><i> >
</I>>><i> > Code:
</I>>><i> >
</I>>><i> > def validate(dsa_pubkey, signature, zipfile):
</I>>><i> > with open(dsa_pubkey, 'rb') as f:
</I>>><i> > pubkey = DSA.importKey(f.read())
</I>>><i> > with open(zipfile, 'rb') as f:
</I>>><i> > h = SHA1.new()
</I>>><i> > h.update(f.read())
</I>>><i> > zipfile_digest = h.digest()
</I>>><i> > decoded_signature = base64.b64decode(signature)
</I>>><i> >
</I>>><i> > return pubkey.verify(zipfile_digest, decoded_signature)
</I>>><i> >
</I>>><i> > Error:
</I>>><i> >
</I>>><i> > Traceback (most recent call last):
</I>>><i> > File "sparkle_tool.py", line 67, in <module>
</I>>><i> > validate_files(appcast, dsa_pubkey)
</I>>><i> > File "sparkle_tool.py", line 55, in validate_files
</I>>><i> > if validate(dsa_pubkey, signature, local_file):
</I>>><i> > File "sparkle_tool.py", line 33, in validate
</I>>><i> > return pubkey.verify(zipfile_digest, decoded_signature)
</I>>><i> > File
</I>>><i> "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py",
</I>>><i> line 222, in verify
</I>>><i> > return pubkey.pubkey.verify(self, M, signature)
</I>>><i> > File
</I>>><i> "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/pubkey.py",
</I>>><i> line 126, in verify
</I>>><i> > return self._verify(M, signature)
</I>>><i> > File
</I>>><i> "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py",
</I>>><i> line 240, in _verify
</I>>><i> > (r, s) = sig
</I>>><i> > ValueError: too many values to unpack
</I>>><i> >
</I>>><i> > Thanks a bunch!
</I>>><i> > --
</I>>><i> > Winston Weinert
</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">winston at ml1.net</A>
</I>>><i> > _______________________________________________
</I>>><i> > pycrypto mailing list
</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>><i> >
</I>>><i> > _______________________________________________
</I>>><i> > pycrypto mailing list
</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>><i>
</I>>><i> _______________________________________________
</I>>><i> pycrypto mailing list
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>><i>
</I>><i>
</I>><i> _______________________________________________
</I>><i> pycrypto mailing list
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>><i>
</I>><i>
</I>><i>
</I>><i> _______________________________________________
</I>><i> pycrypto mailing list
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>><i>
</I>><i>
</I>-------------- next part --------------
An HTML attachment was scrubbed...
URL: <<A HREF="http://lists.dlitz.net/pipermail/pycrypto/attachments/20140408/670eecf2/attachment-0001.html">http://lists.dlitz.net/pipermail/pycrypto/attachments/20140408/670eecf2/attachment-0001.html</A>>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000795.html">[pycrypto] Verify DSA bytestring signature
</A></li>
<LI>Next message: <A HREF="000797.html">[pycrypto] Linking Against Non-Sytem libgmp
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#796">[ date ]</a>
<a href="thread.html#796">[ thread ]</a>
<a href="subject.html#796">[ subject ]</a>
<a href="author.html#796">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>
|
