RSA sign with MD5 encryption (General questions)
by Erick Daniel, Wednesday, December 08, 2004, 21:37 (7288 days ago)
Hi there:
I would like some advise with this. I am trying to do a RSA sign with MD5 encryption. I currently did this:
'Declaracion de variables
Dim Crypt As New wodCryptCom
Dim bufIn As New MemBlob
Dim bufOut As New MemBlob
Dim Key As New Keys
'Carga de la firma
Key.Load pem.key , abcde123
'Establezco cadena
bufIn.Text = CADENA|16|20|36|50
'Se hace el firmado (con la llave RSA)
Crypt.Type = RSA
Crypt.SecretKey = Key.PrivateKey(RSAkey)
Crypt.Sign bufIn, bufOut
MsgBox bufOut.ToBase64
If I do that, is the component hashing the chain in MD5 and then, signing it with the RSA key? Thank you.
Re: RSA sign with MD5 encryption
by wodSupport, Wednesday, December 08, 2004, 23:49 (7288 days ago) @ Erick Daniel
Erick,
correct. Component will not do MD5 hashing, but call to OpenSSL's RSA_sign will do that.
Regards.
Re: RSA sign with MD5 encryption
by Erick, Thursday, December 09, 2004, 21:19 (7287 days ago) @ wodSupport
Erick,
correct. Component will not do MD5 hashing, but call to OpenSSL's RSA_sign will do that.
Regards.
Great, thanks for the info.
Two more questions:
1. How can I load the .cer file to let me verify the cipher text I just got? (The public key is in the certificate store).
2. Should I digest and then sign the string? It will be a very big string (500 chars, more or less) and the other part (the people I will send the cipher text in Base64) shall be able to verify it with my certificate, supposedly under a standard. (I think its PKCS#1). While I am pretty confident that I should hash the strig and then send the hash to the Sign function, I just would like to know the answer (The call to Sign seems to fail if I send a string that big).
Re: RSA sign with MD5 encryption
by wodSupport, Friday, December 10, 2004, 00:10 (7287 days ago) @ Erick
1. How can I load the .cer file to let me verify the cipher text I just got? (The public key is in the certificate store).
This doesn't sound right. Where is the private key? In Windows certificate store? But then there must be the same certificate too.
Can you somehow get it in the PFX file? That one would hold private key too.
2. Should I digest and then sign the string? It will be a very big string (500 chars, more or less) and the other part (the people I will send the cipher text in Base64) shall be able to verify it with my certificate, supposedly under a standard. (I think its PKCS#1). While I am pretty confident that I should hash the strig and then send the hash to the Sign function, I just would like to know the answer (The call to Sign seems to fail if I send a string that big).
I suggest you do. Hash it with MD5 or SHA1, in which case you have only 16-20 bytes to sign. Make sure other side does the same hashing method on same data before they verify the signature.
Hope it helps.
Re: RSA sign with MD5 encryption
by Erick Daniel, Friday, December 10, 2004, 01:01 (7287 days ago) @ wodSupport
1. How can I load the .cer file to let me verify the cipher text I just got? (The public key is in the certificate store).
This doesn't sound right. Where is the private key? In Windows certificate store? But then there must be the same certificate too.
Can you somehow get it in the PFX file? That one would hold private key too.
2. Should I digest and then sign the string? It will be a very big string (500 chars, more or less) and the other part (the people I will send the cipher text in Base64) shall be able to verify it with my certificate, supposedly under a standard. (I think its PKCS#1). While I am pretty confident that I should hash the strig and then send the hash to the Sign function, I just would like to know the answer (The call to Sign seems to fail if I send a string that big).
I suggest you do. Hash it with MD5 or SHA1, in which case you have only 16-20 bytes to sign. Make sure other side does the same hashing method on same data before they verify the signature.
Hope it helps.
I need to load the .cer in certain scenarios to do the verification only. In those cases, an access to the private key or the PKCS#12 file won't be possible. Any way to do it, or a workaround? Thats the last thing I need to accomplish to finish the sign/verification process. Thank you very much.
Re: RSA sign with MD5 encryption
by wodSupport, Friday, December 10, 2004, 01:10 (7287 days ago) @ Erick Daniel
I need to load the .cer in certain scenarios to do the verification only. In those cases, an access to the private key or the PKCS#12 file won't be possible. Any way to do it, or a workaround? Thats the last thing I need to accomplish to finish the sign/verification process. Thank you very much.
Oh, my mistake! You need just to verify? Yes, you can load CER file using wodCertificate object.
There's some info about this on
http://www.weonlydo.com/Crypt/Help/HowDoI.html
Let me know how it goes.
Re: RSA sign with MD5 encryption
by Erick Daniel, Friday, December 10, 2004, 16:45 (7286 days ago) @ wodSupport
Oh, my mistake! You need just to verify? Yes, you can load CER file using wodCertificate object.
Where can I find that object? I have currently installed the wodCrypt pack and there is not a wodCertificate object.
Regards,
Erick
Re: RSA sign with MD5 encryption
by wodSupport, Friday, December 10, 2004, 18:32 (7286 days ago) @ Erick Daniel
You are correct, wodCertificate isn't shipped with wodCrypt. Please contact me on email and I'll send you a copy. I will also try to write you a sample on how to do this exactly using wodCrypt.
Re: RSA sign with MD5 encryption
by wodSupport, Saturday, December 11, 2004, 01:53 (7286 days ago) @ wodSupport
We made a mistake. wodCert.PublicKey property does not return same data as wodKeys.PublicKey (well, at least not for RSA keys). In order to avoid problems, wodCrypt.SecretKey now (since version 1.2.2) accepts contents of PublicKeyOpenSSH properties - meaning OpenSSH public keys. Even better - these are ASCII (base64) values so you can even keep them in your applications.
So, from now on you can open CER file with wodCertificate (shipped with wodCrypt since this version), and do
wodCrypt.SecretKey = wodCertificate.PublicKeyOpenSSH
and it will work.
Hope I helped!