Re: Decrypting RSA signature using public key fails
From: Andrus Moor (nospam_at_no.no)
Date: 12/24/04
- Next message: s r tripathy: "Re: CAPICOM and ASP.NET"
- Previous message: Valery Pryamikov: "Re: Decrypting RSA signature using public key fails"
- In reply to: Valery Pryamikov: "Re: Decrypting RSA signature using public key fails"
Date: Fri, 24 Dec 2004 17:32:49 +0200
Valery,
Thank you for the excellent explanation. There is no information about CAPI
providers on the EMVCo website.
What software do you recommend for EMVv4 signature verification under
Windows?
Andrus.
"Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
news:#bdZ5mb6EHA.2452@TK2MSFTNGP14.phx.gbl...
> Andrus,
> The only way of verifying an EMVv4 signature with CAPI is to develop or use
> a 3rd-party cryptography provider that supports that kind of signature. If
> such a provider becomes available you can simply use it with CAPI to do
> whatever verification or encryption is required by the EMVv4.1 standard. In
> case EMVv4 receives broader acceptance than the prev. version, I'm sure that
> a cryptography provider will be developed and provided by some party. Btw.
> did you check if EMVCo is working with such a provider or not? It is quite
> possible that they are doing something or even have a working provider for
> that matter.
> And regarding use of standard Microsoft cryptography providers (like
> "Microsoft Strong Cryptography provider") - you can't verify an EMVCo
> signature with them (not the current version at least).
>
> -Valery.
> http://www.harper.no/valery
>
> P.S. Have a Merry Christmas and Happy New Year everyone!
>
> "Andrus Moor" <nospam@no.no> wrote in message
> news:uoz8t1a6EHA.3368@TK2MSFTNGP10.phx.gbl...
> > Laszlo,
> >
> > I need to verify the EMVCO certificate signature S, with length N=128
> > bytes.
> > I know the modulus and modulus length from the certificate.
> > The verification method is described at www.emvco.com,
> > Book 2, Annex A2.1.3:
> >
> > 1. Check whether the digital signature S consists of N bytes.
> > 2. Retrieve the N-byte number X from the digital signature S:
> > X = ( S**3 ) MOD n
> >
> > 3. Partition X as X= (B || MSG1 || H || E), where:
> > B is one byte long
> > H is 20 bytes long
> > E is one byte long
> > MSG1 consists of the remaining N - 22 bytes
> > 4. Check whether the byte B is equal to '6A'.
> > 5. Check whether the byte E is equal to 'BC'.
> > 6. Compute MSG = (MSG1 || MSG2) and check whether H = Hash[MSG].
> >
> > So the signature must start with 6A and end with BC
> >
> > From your reply I understood that CAPI is not capable of verifying or even
> > decrypting this signature. This is very bad since the EMVCO standard
> > becomes widely usable in the next years.
> >
> > Can you confirm again that CAPI does NOT support EMVCO signature
> > verification?
> >
> > Andrus.
> >
> >> Anyway, you should NOT try to 'decrypt' a signature - you should use
> >> the VERIFY operation.
> >> MS CAPI cannot 'just' decrypt the whole data - it always checks the
> >> content format and returns only the actual data encrypted (not the
> >> whole padding).
> >> PKCS#11 can give you back the RAW decryption if you use it with
> >> CKM_RSA_X_509. With that you could actually 'cheat' and 'decrypt' your
> >> signature data then verify its format.
> >>
> >> Do you know if the signature was on a HASH? If yes, what is the point
> >> of trying to 'decrypt' the signature? You either have the data and you
> >> can hash it or if you only have the hash you can set - then use
> >> CryptVerifySignature to verify the signature. (If the signature was
> >> made with CAPI then the content is definitely only hash - other crypto
> >> systems may have created signature with recovery where you want to get
> >> back your data which was signed; but that's not supported in CAPI.)
> >>
> >> Another note: I assume you generated yourself the RSA keypair and
> >> somehow you KNOW that the public exponent is 3 - otherwise knowing
> >> 'just' the modulus is not enough as public exponents 17 and 65537 are
> >> also used frequently (and, in fact, arbitrary public exponent could be
> >> used, too). Most crypto systems use the public exponent 65537 (not 3
> >> or 17).
> >
> >
>
>
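The six verification steps quoted in this message (Book 2, Annex A2.1.3) can be carried out with plain big-integer arithmetic, without a CAPI provider. The following is an added example, not code from the thread or from EMVCo: the names `emv_recover` and `make_sample` are hypothetical, SHA-1 is assumed as the hash because H is 20 bytes, and the key is a constructed toy key built from two public primes (104-byte modulus rather than the 128 bytes mentioned above).

```python
import hashlib

def emv_recover(sig: bytes, n: int, msg2: bytes = b"", e: int = 3) -> bytes:
    """Run steps 1-6 of the quoted procedure; return MSG1 or raise ValueError."""
    n_len = (n.bit_length() + 7) // 8             # N = modulus length in bytes
    if len(sig) != n_len:                         # step 1: S must be N bytes
        raise ValueError("signature is not N bytes long")
    s = int.from_bytes(sig, "big")
    if s >= n:                                    # extra sanity check, not in the listed steps
        raise ValueError("signature value is not below the modulus")
    x = pow(s, e, n).to_bytes(n_len, "big")       # step 2: X = (S**e) MOD n
    # step 3: X = (B || MSG1 || H || E), MSG1 is the remaining N - 22 bytes
    b, msg1, h, trailer = x[0], x[1:-21], x[-21:-1], x[-1]
    if b != 0x6A:                                 # step 4
        raise ValueError("header byte B is not 6A")
    if trailer != 0xBC:                           # step 5
        raise ValueError("trailer byte E is not BC")
    # step 6: MSG = MSG1 || MSG2, H = Hash[MSG] (SHA-1 is an assumption here)
    if h != hashlib.sha1(msg1 + msg2).digest():
        raise ValueError("hash H does not match Hash[MSG1 || MSG2]")
    return msg1

# Constructed toy key, for the demo only. Both primes are public constants
# (the Ed448 field prime and the NIST P-384 field prime); each is 2 mod 3,
# so e = 3 is invertible modulo (P-1)*(Q-1).
P = 2**448 - 2**224 - 1
Q = 2**384 - 2**128 - 2**96 + 2**32 - 1
N_MOD = P * Q                                     # 832 bits = 104 bytes

def make_sample(msg1: bytes, msg2: bytes) -> bytes:
    """Build a constructed signature in the same layout, to exercise emv_recover."""
    n_len = (N_MOD.bit_length() + 7) // 8
    if len(msg1) != n_len - 22:
        raise ValueError("MSG1 must be N - 22 bytes")
    d = pow(3, -1, (P - 1) * (Q - 1))             # private exponent for e = 3
    x = b"\x6a" + msg1 + hashlib.sha1(msg1 + msg2).digest() + b"\xbc"
    return pow(int.from_bytes(x, "big"), d, N_MOD).to_bytes(n_len, "big")

if __name__ == "__main__":
    m1, m2 = bytes(range(82)), b"constructed MSG2"
    print(emv_recover(make_sample(m1, m2), N_MOD, m2) == m1)
```

The check only succeeds on the recovered value X, not on S itself, and it needs the public exponent as well as the modulus, as noted in the quoted reply.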