Re: Decrypting RSA signature using public key fails
From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 01/03/05
 Previous message: lelteto: "RE: Exchange and Siganture key"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Jan 2005 09:31:02 0800
You can try to use any CRYPTOKI library which supports RAW RSA (ie.
CKM_RSA_X_509). Than you need to use the public key to ENCRYPT your signature
(yes, that's a 'hack' workaround) and verify the decrypted sturcture yourself.
Another option is to use the OpenSSL library  but than you have to do more
work with it...
Laszlo Elteto
Safenet, Inc.
"Andrus Moor" wrote:
> Valery,
>
> thank you for excellent explanation. There is no information about CAPI
> providers in EMVCo website.
>
> What software you recommend to use for EMVV4 signature verification under
> Windows ?
>
> Andrus.
>
>
> "Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
> news:#bdZ5mb6EHA.2452@TK2MSFTNGP14.phx.gbl...
> > Andrus,
> > The only way of verifying EMVv4 signature with CAPI is to develop or use
> 3d
> > party cryptography provider that support that kind of signature. If such
> > provider become available you can simply use it with CAPI to do whatever
> > verification or encryption is required by EMVv4.1 standard. In case if
> EMVv4
> > receive broader acceptation than prev. version, I'm sure that cryptography
> > provider will be developed and provided by some party. Btw. did you check
> if
> > EMVCo is working with such provider or not? It is quite possible that they
> > are doing something or even have a working provider for that matter.
> > And regarding use of standard Microsoft cryptography providers (like
> > "Microsoft Strong Cryptography provider")  you can't verify EMVCo
> signature
> > with them (not current version at least).
> >
> > Valery.
> > http://www.harper.no/valery
> >
> > P.S. Have a Merry Christmas and Happy New Year everyone!
> >
> > "Andrus Moor" <nospam@no.no> wrote in message
> > news:uoz8t1a6EHA.3368@TK2MSFTNGP10.phx.gbl...
> > > Laszlo,
> > >
> > > I need to verify EMVCO certificate signature S . with leght N=128
> bytes
> > > I know the modulus and modulus lenght from the certificate.
> > > The verification method is described in www.emvco.com,
> > > Book 2. Annex A2.1.3 :
> > >
> > > 1. Check whether the digital signature S consists of N bytes.
> > > 2. Retrieve the Nbyte number X from the digital signature S:
> > > X = ( S**3 ) MOD n
> > >
> > > 3. Partition X as X= (B  MSG1  H  E), where:
> > > B is one byte long
> > > H is 20 bytes long
> > > E is one byte long
> > > MSG1 consists of the remaining N  22 bytes
> > > 4. Check whether the byte B is equal to '6A'.
> > > 5. Check whether the byte E is equal to 'BC'.
> > > 6. Compute MSG = (MSG1  MSG2) and check whether H = Hash[MSG].
> > >
> > > So the signature must start with 6A and end with BC
> > >
> > > From your reply I understood that CAPI is not capable to verify or even
> > > decrypt this signature. This is very bad since EMVCO standard becomes
> > > widely
> > > usable in next years.
> > >
> > > Can you confirm again that CAPI does NOT support EMVCO signature
> > > verification ?
> > >
> > > Andrus.
> > >
> > >> Anyway, you should NOT try to 'decrypt' a signature  you should use
> the
> > >> VERIFY operation.
> > >> MS CAPI cannot 'just' decrypt the whole data  it always checks the
> > > content
> > >> format and returns only the actual data encrypted (not the whole
> > >> padding).
> > >> PKCS#11 can give you back the RAW decryption if you use it with
> > >> CKM_RSA_X_509. With that you could actually 'cheat' and 'decrypt' your
> > >> signature data then verify its format.
> > >>
> > >> Do you know if the signature was on a HASH? If yes, what is the point
> of
> > >> trying to 'decrypt' the signature? You either have the data and you can
> > > hash
> > >> it or if you only have the hash you can set  then use
> > > CryptVerifySignature
> > >> to verify the signature. (If the signature was made with CAPI than the
> > >> content is definitely only hash  other crypto systems may have created
> > >> signature with recovery where you want to get back your data which was
> > >> signed; but that's not supported in CAPI.)
> > >>
> > >> Another note: I assume you generated yourself the RSA keypair and
> somehow
> > >> you KNOW that the public exponent is 3  otherwise knowing 'just' the
> > > modulus
> > >> is not enough as public exponents 17 and 65537 are also used frequently
> > > (and,
> > >> in fact, arbitrary public exponent could be used, too). Most crypto
> > > systems
> > >> use the public exponent 65537 (not 3 or 17).
> > >
> > >
> >
> >
>
>
>
 Previous message: lelteto: "RE: Exchange and Siganture key"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
