
How can this OpenSSL command be emulated with phpseclib: RSA

openssl pkeyutl -verify -in gfeHmac.bin -sigfile privkey2_140225_gfesig.bin -pubin -inkey pubkey2_140225.pem -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1

Here is the basic PHP stub that fails to verify:

<?php
include('phpseclib0.3.6/Math/BigInteger.php');
include('phpseclib0.3.6/Crypt/Hash.php');
include('phpseclib0.3.6/Crypt/TripleDES.php');
include('phpseclib0.3.6/Crypt/RSA.php');
echo "<hr>Using: phpseclib0.3.6/Crypt/RSA.php<br>";

// PEM-encoded RSA public key matching the remote signer's private key (pubkey2_140225.pem).
function getCrntRsaPbKey()
{
  return "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmA6xcIcBo0UiVxzduHFjks511
R5Y+gsvn6rVyjIWSQZt0h8N8vJPreDCDcOybToFmJMnz8R8aohC6ipJ0nIaI644+
oXVQkKGEjaAFKn+L6AEUQSZKkkbmEjBqDSriq91q8U78Ky6xT5a5JpuHz+QEgGi2
SXf1t3EBec1vjgMycQIDAQAB
-----END PUBLIC KEY-----";
} // function getCrntRsaPbKey()

// Base64 of the signed payload (the contents of gfeHmac.bin).
$origData = "4hZpNOnmgAlqkCCLMJ8MKv1pC73aTReA7Pht4hnc4Os=";

echo "<hr>original base64 hash payLoad:";
var_dump($origData);

// Base64 of the raw PSS signature (the contents of privkey2_140225_gfesig.bin).
$signedUsePrv = "Rzwo6eiCDf/w7f69JcKuq7a0czlAXuLXsgJbat2GRc6Tvv3CH04/ccpOZoV2+NKA5tew1QH3Ic+M
qhYJkRA5l+bK6RIuEuxQ8Eo5qSpxBHmmup41INTiR4xRB2KSp+uNgj2Nw2+GAmfpK+nx53sXcxkD
ZnB+njlJTkuhx4iKmM8=";

echo "<hr>original signed digest base64 payLoad:";
var_dump($signedUsePrv);

$rsa = new Crypt_RSA();

// Match the OpenSSL options: SHA-256 for both the message hash and the MGF1 hash.
// PSS mode and a salt length equal to the hash length (OpenSSL's saltlen:-1) are
// phpseclib's defaults, so the two calls below stay commented out.
$rsa->setHash('sha256');
$rsa->setMGFHash('sha256');
//$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PSS);
//$rsa->setSaltLength(-1);

echo "<hr>\$rsa:";
var_dump($rsa);

$pubKey = getCrntRsaPbKey();
echo "<hr>publickeytest can load<br>" . $pubKey;
$rsaLoadKeyRslt = $rsa->loadKey($pubKey);
echo "<br>\$rsa->loadKey(\$pubKey):";
var_dump($rsaLoadKeyRslt);

// Both values are base64 on the wire; verify() expects the raw message and the raw
// signature bytes (the signature must be exactly as long as the modulus).
$rsaVerifyRslt = $rsa->verify(base64_decode($origData), base64_decode($signedUsePrv));
echo "<hr>\$rsa->verify with Eric provided public and signature file:";
var_dump($rsaVerifyRslt);
if ($rsaVerifyRslt === true)
{
    echo "<br>isSigned true , using Remotely Signed signature";
}

1 Answer


phpseclib uses PSS by default for signature verification and uses a salt length of -1 by default as well (well, it uses a salt length equal to the hash length, which is what the -1 means, I think).

The only thing in that command that differs from what phpseclib does by default is that it uses sha256, whereas phpseclib uses sha1 by default.

Anyway, in light of that I think this'll do what you're wanting:

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
// Load the private key, then reload only its public half so verify() runs with the public key.
$rsa->loadKey(file_get_contents('privatekey.txt'));
$rsa->loadKey($rsa->getPublicKey());
// PSS with a salt length equal to the hash length is the default; only the hashes change from sha1.
$rsa->setHash('sha256');
$rsa->setMGFHash('sha256');
echo $rsa->verify(
    file_get_contents('plaintext.txt'),
    file_get_contents('signature.txt')
) ? 'verified' : 'unverified';
neubert
  • If self-signed, using the remotely defined private/public key pair, it works. If remotely signed and using the remotely generated public key, then it fails to verify. Remotely means OpenSSL Windows command line based, or Linux. – user2506103 Feb 28 '14 at 01:22
  • As well, the setHash has to be established prior to loading the key. – user2506103 Feb 28 '14 at 02:58
  • I'm pretty sure you're wrong about setHash needing to be set before loading the key, not that arguing about it is going to serve much purpose. Can you post the CLI command you're using to sign the data? With that I'll hopefully be able to reproduce the problem and tell you how to get it working. – neubert Feb 28 '14 at 03:32
  • The payload and signatures are NOT being derived via CLI; they are custom self-built implementations. The payloads and signatures verify using the OpenSSL command line as shown/submitted above, but do not verify when using phpseclib. – user2506103 Mar 03 '14 at 21:02
  • See original question; I have included the PHP stub that fails to verify. – user2506103 Mar 04 '14 at 17:25
  • Try doing `$rsa->setMGFHash('sha256')` as well. Technically they're two different hashes, and there's nothing in the PKCS1 specs that says that just because you're using sha256 for the regular hash the MGF hash has to be sha256 as well, but I'm thinking OpenSSL doesn't let you use different hashing algorithms. I've updated my code. Let me know if it works! – neubert Mar 05 '14 at 12:21
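One caveat the thread does not reach: `openssl pkeyutl -verify` does not hash its input, so with `-pkeyopt digest:sha256` the 32-byte gfeHmac.bin is used directly as the PSS message hash, whereas a library call of the form verify(message, signature), phpseclib's included, hashes the message first. The added example below (not code from the question, the answer or phpseclib; written in Python with the cryptography library so the two verification paths can be compared side by side) reproduces the command's parameters and shows both paths, assuming a freshly generated key pair and a constructed 32-byte HMAC in place of the page's key and files.

```python
import base64
import hashlib
import hmac
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.asymmetric.utils import Prehashed

# Constructed stand-in for gfeHmac.bin: a 32-byte HMAC-SHA256 over made-up data.
HMAC_PAYLOAD = hmac.new(b"constructed-key", b"constructed message", hashlib.sha256).digest()

def pss_params():
    # -pkeyopt rsa_padding_mode:pss and digest:sha256 (MGF1 uses the same hash);
    # -pkeyopt rsa_pss_saltlen:-1 means a salt as long as the digest, 32 bytes here.
    return padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                       salt_length=hashes.SHA256.digest_size)

def sign_prehashed(private_key, digest):
    # The signer uses the 32-byte input itself as mHash, as pkeyutl -sign would.
    return private_key.sign(digest, pss_params(), Prehashed(hashes.SHA256()))

def verify(public_key, data, signature, prehashed):
    # prehashed=True: data already is the digest (what pkeyutl -verify does);
    # prehashed=False: data is SHA-256 hashed first (what a verify(message, sig) API
    # such as phpseclib's Crypt_RSA::verify does), so mHash = sha256(HMAC bytes).
    algo = Prehashed(hashes.SHA256()) if prehashed else hashes.SHA256()
    try:
        public_key.verify(signature, data, pss_params(), algo)
        return True
    except InvalidSignature:
        return False

def demo(key_size=1024):
    key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    pub = key.public_key()
    sig_b64 = base64.b64encode(sign_prehashed(key, HMAC_PAYLOAD)).decode()  # wire form
    sig = base64.b64decode(sig_b64)  # verify needs the raw bytes, not the base64 text
    flipped = bytes([HMAC_PAYLOAD[0] ^ 0x01]) + HMAC_PAYLOAD[1:]
    return {
        "prehashed_ok": verify(pub, HMAC_PAYLOAD, sig, True),                # True
        "hashed_again_ok": verify(pub, HMAC_PAYLOAD, sig, False),            # False
        "undecoded_b64_ok": verify(pub, HMAC_PAYLOAD, sig_b64.encode(), True),  # False
        "tampered_ok": verify(pub, flipped, sig, True),                      # False
    }
```

The undecoded case is the failure mode of passing the base64 text straight to verify: the signature is then the wrong length for the modulus and is rejected before any padding check.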