Re: Decrypting RSA signature using public key fails

• Previous message: lelteto: "RE: Exchange and Siganture key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 3 Jan 2005 09:31:02 -0800

You can try to use any CRYPTOKI library which supports RAW RSA (ie.
CKM_RSA_X_509). Than you need to use the public key to ENCRYPT your signature
(yes, that's a 'hack' workaround) and verify the decrypted sturcture yourself.
Another option is to use the OpenSSL library - but than you have to do more
work with it...

Laszlo Elteto
Safenet, Inc.

"Andrus Moor" wrote:

> Valery,
>
> thank you for excellent explanation. There is no information about CAPI
> providers in EMVCo website.
>
> What software you recommend to use for EMVV4 signature verification under
> Windows ?
>
> Andrus.
>
>
> "Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
> news:#bdZ5mb6EHA.2452@TK2MSFTNGP14.phx.gbl...
> > Andrus,
> > The only way of verifying EMVv4 signature with CAPI is to develop or use
> 3-d
> > party cryptography provider that support that kind of signature. If such
> > provider become available you can simply use it with CAPI to do whatever
> > verification or encryption is required by EMVv4.1 standard. In case if
> EMVv4
> > receive broader acceptation than prev. version, I'm sure that cryptography
> > provider will be developed and provided by some party. Btw. did you check
> if
> > EMVCo is working with such provider or not? It is quite possible that they
> > are doing something or even have a working provider for that matter.
> > And regarding use of standard Microsoft cryptography providers (like
> > "Microsoft Strong Cryptography provider") - you can't verify EMVCo
> signature
> > with them (not current version at least).
> >
> > -Valery.
> > http://www.harper.no/valery
> >
> > P.S. Have a Merry Christmas and Happy New Year everyone!
> >
> > "Andrus Moor" <nospam@no.no> wrote in message
> > news:uoz8t1a6EHA.3368@TK2MSFTNGP10.phx.gbl...
> > > Laszlo,
> > >
> > > I need to verify EMVCO certificate signature S . with leght N=128
> bytes
> > > I know the modulus and modulus lenght from the certificate.
> > > The verification method is described in www.emvco.com,
> > > Book 2. Annex A2.1.3 :
> > >
> > > 1. Check whether the digital signature S consists of N bytes.
> > > 2. Retrieve the N-byte number X from the digital signature S:
> > > X = ( S**3 ) MOD n
> > >
> > > 3. Partition X as X= (B || MSG1 || H || E), where:
> > > B is one byte long
> > > H is 20 bytes long
> > > E is one byte long
> > > MSG1 consists of the remaining N - 22 bytes
> > > 4. Check whether the byte B is equal to '6A'.
> > > 5. Check whether the byte E is equal to 'BC'.
> > > 6. Compute MSG = (MSG1 || MSG2) and check whether H = Hash[MSG].
> > >
> > > So the signature must start with 6A and end with BC
> > >
> > > From your reply I understood that CAPI is not capable to verify or even
> > > decrypt this signature. This is very bad since EMVCO standard becomes
> > > widely
> > > usable in next years.
> > >
> > > Can you confirm again that CAPI does NOT support EMVCO signature
> > > verification ?
> > >
> > > Andrus.
> > >
> > >> Anyway, you should NOT try to 'decrypt' a signature - you should use
> the
> > >> VERIFY operation.
> > >> MS CAPI cannot 'just' decrypt the whole data - it always checks the
> > > content
> > >> format and returns only the actual data encrypted (not the whole
> > >> padding).
> > >> PKCS#11 can give you back the RAW decryption if you use it with
> > >> CKM_RSA_X_509. With that you could actually 'cheat' and 'decrypt' your
> > >> signature data then verify its format.
> > >>
> > >> Do you know if the signature was on a HASH? If yes, what is the point
> of
> > >> trying to 'decrypt' the signature? You either have the data and you can
> > > hash
> > >> it or if you only have the hash you can set - then use
> > > CryptVerifySignature
> > >> to verify the signature. (If the signature was made with CAPI than the
> > >> content is definitely only hash - other crypto systems may have created
> > >> signature with recovery where you want to get back your data which was
> > >> signed; but that's not supported in CAPI.)
> > >>
> > >> Another note: I assume you generated yourself the RSA keypair and
> somehow
> > >> you KNOW that the public exponent is 3 - otherwise knowing 'just' the
> > > modulus
> > >> is not enough as public exponents 17 and 65537 are also used frequently
> > > (and,
> > >> in fact, arbitrary public exponent could be used, too). Most crypto
> > > systems
> > >> use the public exponent 65537 (not 3 or 17).
> > >
> > >
> >
> >
>
>
>

• Previous message: lelteto: "RE: Exchange and Siganture key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]