0

I am attempting to use an AWS cloudHSM to sign a message that needs to be converted to DER to be verified by another application. The output signature file from AWS is binary and I am struggling to convert to DER.

I can verify the signature is correct in OpenSSL as it will accept the signature as binary

$ openssl dgst -sha256 -verify public.pem -signature signedMessage message
Verified OK

Struggling to find the correct procedure to convert to DER. I tried

openssl enc -base64 -in signedMessage

But verification fails.

Thanks

Z.T.
  • 939
  • 8
  • 20
K Stewart
  • 23
  • 7
  • This appears to be a programming question, and programming questions belong on stackoverflow even if they are about cryptography. I can migrate this there for you. – Ella Rose May 29 '19 at 18:42
  • What kind of key are you using? Signatures are usually just raw bytes, there is no encoding in them. (ECDSA signatures do use DER but it's usually transparent to applications) – Conrado May 29 '19 at 19:06
  • I am using ECDSA_SHA256 signing mechanism (AWS terminology) and an ECC private key using a secp256k1 curve. the AWS cloudHSM key management utility does not give me the option to change the output format. I checked the output file format and it is binary. The application I am using to verify is Bitcoin Core. – K Stewart May 29 '19 at 19:43
  • What is the actual format of the signature that you need? Can you give example with new key and signature over "hello world"? Why did you try base64 when you wanted ASN.1 DER? https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One https://en.wikipedia.org/wiki/X.690#DER_encoding Have you looked at existing answers like https://crypto.stackexchange.com/a/57734/24949 ? – Z.T. May 29 '19 at 21:37
  • `openssl dgst -sign/verify` for ECDSA (and DSA) _does_ respectively create or require SEC1 (and rfc3279) style DER encoding. Are you trying to verify in BitcoinCore as a transaction signature or a message signature? Those are different. The latter requires a key-recovery byte. The former requires 'low-S' logic and I'm not sure about the latter; neither AWS nor OpenSSL does low-S which would cause it to fail validation in half of cases at random. – dave_thompson_085 Jun 30 '19 at 20:10
  • Dave - Thank you for answer. I am working on both bitcoin message and transaction signing and aware of the difference, but thank you for you input. I managed to get an answer from AWS and there is a bug in their cloudHSM cli utility (apparently it does not exist if you connect via PKCS#11 or JAVA SDK). The bug is they add an extra byte of zeros to the end of a standard DER ASN 1 signature format which can be easily fixed by by parsing the HSM output. I used $ openssl asn1parse -inform DER -length 71 -in eccSig.txt. – K Stewart Jul 01 '19 at 21:11

0 Answers0