[erlang-questions] Old and new crypto: sign, rsa_sign, verify, rsa_verify compatibility

Ingela Andin <>
Fri Oct 25 13:28:01 CEST 2013


Hi!

The new API does not want any "mpint" values (binaries with size tags) .
If you try inputing the data according to the new API it will work much
better.

1> PrivateKey =
[<<2,1>>,<<0,194,170,51,214,70,17,25,24,39,11,190,238,251,171,164,221,80,251,171,85,16,134,227,199,246,113,207,194,211,53,68,253,54,195,192,2,93,91,107,118,147,218,227,151,148,3,165,184,26,199,213,68,18,25,35,249,207,196,111,26,201,150,255,69>>,
1>
<<104,90,61,184,186,69,12,116,62,217,98,92,46,21,166,57,194,30,29,119,116,166,32,71,194,252,162,197,193,144,84,98,223,170,137,84,25,86,2,237,128,201,216,139,98,173,122,229,3,62,100,69,241,18,186,249,170,25,156,172,32,228,180,129>>].
[<<2,1>>,
 <<0,194,170,51,214,70,17,25,24,39,11,190,238,251,171,164,
   221,80,251,171,85,16,134,227,199,246,113,...>>,
 <<104,90,61,184,186,69,12,116,62,217,98,92,46,21,166,57,
   194,30,29,119,116,166,32,71,194,252,...>>]
2>
2>  PublicKey =
[<<2,1>>,<<0,194,170,51,214,70,17,25,24,39,11,190,238,251,171,164,221,80,251,171,85,16,134,227,199,246,113,207,194,211,53,68,253,54,195,192,2,93,91,107,118,147,218,227,151,148,3,165,184,26,199,213,68,18,25,35,249,207,196,111,26,201,150,255,69>>].
[<<2,1>>,
 <<0,194,170,51,214,70,17,25,24,39,11,190,238,251,171,164,
   221,80,251,171,85,16,134,227,199,246,113,...>>]
3> Payload = <<"Launch the nukes.">>.
<<"Launch the nukes.">>
4> Hash = crypto:hash(sha, Payload).
<<241,220,196,57,84,10,43,93,89,232,208,46,247,79,76,207,
  109,47,141,175>>
5> Signature1 = crypto:sign(rsa, sha, {digest, Hash}, PrivateKey).
<<190,229,211,137,209,154,2,175,188,165,201,12,206,80,75,
  148,11,78,207,14,214,170,105,252,63,128,61,191,217,...>>
6>
6> crypto:verify(rsa, sha, {digest, Hash}, Signature1, PublicKey).
true

Regards Ingela Erlang/OTP team - Ericsson AB


2013/10/24 John Doe <>

> Hi,
>
> Is it possible to make RSA signatures compatible between old and new
> crypto methods? I can't find a way how to do this.
> Here's an example, run in R16B02:
>
> crypto:start().
>
> %% these two keys are valid RSA keypair
> PrivateKey =
> [<<0,0,0,2,2,1>>,<<0,0,0,65,0,194,170,51,214,70,17,25,24,39,11,190,238,251,171,164,221,80,251,171,85,16,134,227,199,246,113,207,194,211,53,68,253,54,195,192,2,93,91,107,118,147,218,227,151,148,3,165,184,26,199,213,68,18,25,35,249,207,196,111,26,201,150,255,69>>,<<0,0,0,64,104,90,61,184,186,69,12,116,62,217,98,92,46,21,166,57,194,30,29,119,116,166,32,71,194,252,162,197,193,144,84,98,223,170,137,84,25,86,2,237,128,201,216,139,98,173,122,229,3,62,100,69,241,18,186,249,170,25,156,172,32,228,180,129>>].
> PublicKey =
> [<<0,0,0,2,2,1>>,<<0,0,0,65,0,194,170,51,214,70,17,25,24,39,11,190,238,251,171,164,221,80,251,171,85,16,134,227,199,246,113,207,194,211,53,68,253,54,195,192,2,93,91,107,118,147,218,227,151,148,3,165,184,26,199,213,68,18,25,35,249,207,196,111,26,201,150,255,69>>].
>
> SizedBinary = fun(Binary) -> <<(size(Binary)):32/integer,  Binary/binary>>
> end.
>
> Payload = <<"Launch the nukes.">>.
>
> Hash =  crypto:sha(Payload).
>
> %%signed with old method
> Signature = crypto:rsa_sign(SizedBinary(Hash), PrivateKey).
>
> %%verify with old method - returns true
> crypto:rsa_verify(SizedBinary(Hash), SizedBinary(Signature), PublicKey).
>
> %%new method - returns false
> crypto:verify(rsa, sha, {digest, Hash}, Signature, PublicKey).
>
> %%another try of new method - throws an 'bad argument' exception
> crypto:verify(rsa, sha, {digest, SizedBinary(Hash)},
> SizedBinary(Signature), PublicKey).
>
> %%new method yet again - returns false
> crypto:verify(rsa, sha, {digest, Hash}, SizedBinary(Signature),
> PublicKey).
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20131025/56537fd9/attachment.html>


More information about the erlang-questions mailing list