1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
<tt>
<div dir="ltr"><div>I am glad I could help.<br><br>To be honest, I find that the DSA.verify() should be completely avoided. It is a really primitive API.<br><br></div>The proposal I captured in the pull request below, accepts DER and pure big endian and takes care of hashing internally (plus it allows for Deterministic DSA, which is safer than standard DSA).<br><br>
<div><div><div class="gmail_extra"><br><div class="gmail_quote">2014-04-08 13:45 GMT+02:00 Winston Weinert <span dir="ltr"><<a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<div style="word-wrap:break-word"><div>Thank you for your patience.</div><div><br></div><div>Unbeknownst to me what I wanted is indeed the sha1 digest of the zipfile’s sha1 digest. (So the first suggestion you wrote is what I needed.) It sounds funny, though is is how the library (the Sparkle Update Framework) I’m writing tools for does it.</div><br>
<div><br></div><div>Is it worthwhile for me to open a pull request enabling DSA.verify() to accept a base64 or the ASN.1 DER bytestring instead of the (r, s) tuple?</div><div><br></div><div>--</div><div>Winston</div><div><br>
<div class="h5"><div><br></div><br><div><div>On Apr 7, 2014, at 6:50, Legrandin <<a href="mailto:helderijs@gmail.com" target="_blank">helderijs@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div><br>
The openssl code is using SHA-1 twice: once to create the digest of the archive (dgst -sha1) and a second time when computing the DSA signature (dgst -dss1).<br><br></div>If your goal is to sign the hash, the Python code should actually read:<br><br>
<br>
<br>>> return pubkey.verify(SHA1.new(zipfile_digest).digest(), signature)<br><br><div><div class="gmail_extra">If your goal is to sign only the archive, the openssl code should be:<br><br>>> | openssl dgst -dss1 -sign "$DSA_PRIVKEY" < "$RELEASE_ARCHIVE" \<br><br>
<br>
<br>
>> | openssl enc -base64<br><br>
<br><div class="gmail_quote">2014-04-07 0:49 GMT+02:00 Winston Weinert <span dir="ltr"><<a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
The signature is created using the openssl(1) command-line tool like this:<br><br>
<br><br>
openssl dgst -sha1 -binary < "$RELEASE_ARCHIVE" \<br><br>
| openssl dgst -dss1 -sign "$DSA_PRIVKEY" \<br><br>
| openssl enc -base64<br><br>
<br><br>
It verifies correctly using this command-line:<br><br>
<br><br>
echo "$SIGNATURE” | openssl enc -base64 -d > /tmp/decoded_signature<br><br>
openssl dgst -sha1 -binary < "$RELEASE_ARCHIVE" > /tmp/release_archive_sha1<br><br>
openssl dgst -dss1 -verify "$DSA_PUBKEY" -signature /tmp/decoded_signature /tmp/release_archive_sha1<br><br>
<br><br>
After I wrote my email, I dug around for awhile. After a lot of research I learned<br><br>
about ASN.1 DER’s usage in Dss-Sig-Value (<a href="http://www.ietf.org/rfc/rfc2459.txt" target="_blank">http://www.ietf.org/rfc/rfc2459.txt</a>). I<br><br>
wrote this code that appeared to decode my Base64 encoded signature correctly (I<br><br>
checked against <a href="http://lapo.it/asn1js/" target="_blank">http://lapo.it/asn1js/</a>):<br><br>
<br><br>
def decode_DSA_signature(signature):<br><br>
raw_signature = base64.b64decode(signature)<br><br>
der = DerSequence()<br><br>
der.decode(raw_signature)<br><br>
return (der[0], der[1])<br><br>
<br><br>
Unfortunately .verify() returns False on correctly verified signature and hash<br><br>
pairs. I am using this new function like so:<br><br>
<div><br><br>
<br><br>
def validate(dsa_pubkey, signature, zipfile):<br><br>
with open(dsa_pubkey, 'rb') as f:<br><br>
pubkey = DSA.importKey(f.read())<br><br>
with open(zipfile, 'rb') as f:<br><br>
h = SHA1.new()<br><br>
h.update(f.read())<br><br>
zipfile_digest = h.digest()<br><br>
</div> signature = decode_DSA_signature(signature)<br><br>
<br><br>
return pubkey.verify(zipfile_digest, signature)<br><br>
<br><br>
Maybe there is a problem with PyCrypto DSA and my environment?<br><br>
>>> sys.version<br><br>
'2.7.6 (default, Feb 7 2014, 12:51:34) \n[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79)]'<br><br>
<br><br>
For the time being I’m invoking openssl(1) for this task.<br><br>
<br><br>
Thank you for the reply!<br><br>
<span><font color="#888888">Winston Weinert<br><br>
</font></span><div><div><br><br>
<br><br>
On Apr 6, 2014, at 4:50, Legrandin <<a href="mailto:helderijs@gmail.com" target="_blank">helderijs@gmail.com</a>> wrote:<br><br>
<br><br>
> How was the signature created exactly?<br><br>
><br><br>
> The .verify() method of a DSA object requires two integers, and there are several ways to encode them into a bytestring. It's very hard to guess the correct one for your case.<br><br>
><br><br>
> FYI, there is a long standing pull request I created to add a saner DSA API:<br><br>
><br><br>
> <a href="https://github.com/dlitz/pycrypto/pull/53" target="_blank">https://github.com/dlitz/pycrypto/pull/53</a><br><br>
><br><br>
> The verification method accepts DER or big-endian encoded signatures.<br><br>
><br><br>
><br><br>
><br><br>
> 2014-04-05 21:03 GMT+02:00 Winston Weinert <<a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a>>:<br><br>
> Hello,<br><br>
><br><br>
> I noticed in Git there is a “verify” method on Crypto.PublicKey.DSA. How do<br><br>
> I go about using this method? It wants a tuple, but unsure how to create<br><br>
> the appropriate tuple from my bytestring (which is decoded base64 text).<br><br>
> This is git revision 2d1aecd. The relevant code and error:<br><br>
><br><br>
> Code:<br><br>
><br><br>
> def validate(dsa_pubkey, signature, zipfile):<br><br>
> with open(dsa_pubkey, 'rb') as f:<br><br>
> pubkey = DSA.importKey(f.read())<br><br>
> with open(zipfile, 'rb') as f:<br><br>
> h = SHA1.new()<br><br>
> h.update(f.read())<br><br>
> zipfile_digest = h.digest()<br><br>
> decoded_signature = base64.b64decode(signature)<br><br>
><br><br>
> return pubkey.verify(zipfile_digest, decoded_signature)<br><br>
><br><br>
> Error:<br><br>
><br><br>
> Traceback (most recent call last):<br><br>
> File "sparkle_tool.py", line 67, in <module><br><br>
> validate_files(appcast, dsa_pubkey)<br><br>
> File "sparkle_tool.py", line 55, in validate_files<br><br>
> if validate(dsa_pubkey, signature, local_file):<br><br>
> File "sparkle_tool.py", line 33, in validate<br><br>
> return pubkey.verify(zipfile_digest, decoded_signature)<br><br>
> File "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py", line 222, in verify<br><br>
> return pubkey.pubkey.verify(self, M, signature)<br><br>
> File "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/pubkey.py", line 126, in verify<br><br>
> return self._verify(M, signature)<br><br>
> File "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py", line 240, in _verify<br><br>
> (r, s) = sig<br><br>
> ValueError: too many values to unpack<br><br>
><br><br>
> Thanks a bunch!<br><br>
> —<br><br>
> Winston Weinert<br><br>
> <a href="mailto:winston@ml1.net" target="_blank">winston@ml1.net</a><br><br>
> _______________________________________________<br><br>
> pycrypto mailing list<br><br>
> <a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br>
> <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br>
><br><br>
> _______________________________________________<br><br>
> pycrypto mailing list<br><br>
> <a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br>
> <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br>
<br><br>
_______________________________________________<br><br>
pycrypto mailing list<br><br>
<a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br>
</div></div></blockquote></div><br></div></div></div><br>
_______________________________________________<br>pycrypto mailing list<br><a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br>
</blockquote></div><br></div></div></div><br>_______________________________________________<br><br>
pycrypto mailing list<br><br>
<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br>
<br></blockquote></div><br></div></div></div></div><br>
</tt>
|