
I want to create a signature and verify it with openssl. I want to have hex output of my signature.

It's my code:

#create private key
openssl ecparam -genkey -name secp256k1 -rand /dev/urandom -noout -out private.pem

#public key derivation
openssl ec -in private.pem -pubout -out public.pem

#create signature
openssl dgst -sha256 -hex -sign private.pem msg.txt  > signature.hex

#check signature
openssl dgst -sha256 -verify public.pem -signature signature.hex msg.txt

I get this error:

Error Verifying Data
4573216364:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
4573216364:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=ECDSA_SIG

If I remove -hex during create signature, it works.

$ openssl version
OpenSSL 1.0.2s  28 May 2019
monkeyUser

2 Answers


The openssl dgst command "-hex" parameter means that the output is NOT binary but a hex dump of the binary output.

Quote:

-hex

digest is to be output as a hex dump. This is the default case for a "normal" digest as opposed to a digital signature. See NOTES below for digital signatures using -hex.

And the note section:

Hex signatures cannot be verified using openssl. Instead, use "xxd -r" or similar program to transform the hex signature into a binary signature prior to verification.

So if you use the -hex option for a hex dump, you need to convert it back to binary yourself somehow before passing it into openssl to verify.

Shane Powell
  • I'm getting the same error as the OP, even without the -hex flag. Any ideas? – mikew Jun 19 '20 at 12:45
  • If you get that error then the signature is corrupt for some reason. So you will have to look at what happens to the data coming out of openssl into its storage (file?) and that it doesn't get changed in any way. openssl expects the signature file to be in a binary format as output from the original openssl command. – Shane Powell Jun 19 '20 at 21:11
  • I'm literally just doing the openssl command that the OP posted here minus the -hex. I found this other question where apparently you have to hexedit the signature because openssl outputted it incorrectly. Seems like a hassle: https://stackoverflow.com/questions/59904522/asn1-encoding-routines-errors-when-verifying-ecdsa-signature-type-with-openssl – mikew Jun 19 '20 at 22:16
  • If your openssl.exe is not bad for some reason, then it comes down to the OS / console application redirect piping to a file not corrupting the binary output. If your console application is assuming the output is text, it can corrupt the output written to a file in Windows (for example). – Shane Powell Jun 19 '20 at 22:20
  • Try it with the "-out" option in openssl to make sure it's nothing to do with the redirect to a file. – Shane Powell Jun 19 '20 at 22:24
  • I did see the -out param in a different tutorial, but I was getting an error using it: "can only sign or verify one file". I tried again just now and moved the -out param BEFORE the -sign param, and now it works! Thank you very much – mikew Jun 19 '20 at 22:35

Copied from: How to use ECDSA function in the mbedtls library

Mathematically speaking, an ECDSA signature is a pair of two integers (r, s). The function mbedtls_ecdsa_sign gives you the two integers r and s as outputs and it's up to you to decide how you want to output those integers. There are two common representations of ECDSA signatures: take a fixed-size representation of r and s and put those two together, or assemble them in an ASN.1 sequence, generally in DER form (ASN.1 admits multiple representations, e.g. with or without leading zeros, and DER is a specific ASN.1 representation, without leading zeros).

OpenSSL has both ECDSA and Digest features. I am not convinced that you are actually generating the "r" and "s" of an ECDSA when you use OpenSSL digest, even if you use it with elliptic curve keys.

Rajesh
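As an added example (not code from the question or either answer), here is what both answers describe, done in Python instead of with xxd -r: the hex dump from -hex is turned back into bytes, and the result is parsed as the DER SEQUENCE { INTEGER r, INTEGER s } that OpenSSL expects, with the same tag check that produces the "wrong tag" error above when the hex text is fed in directly (its first byte is the character '3', 0x33, not the SEQUENCE tag 0x30). It assumes the dump may carry an optional "NAME(file)= " prefix before the hex digits; the sample r and s values are constructed, not real signatures.

```python
def hexdump_to_der(text: str) -> bytes:
    """Undo `openssl dgst -hex` (what `xxd -r -p` does in the shell).
    Assumption: an optional 'NAME(file)= ' prefix may precede the hex digits."""
    body = text.strip().rsplit("= ", 1)[-1]
    return bytes.fromhex("".join(body.split()))

def _read_tlv(buf: bytes, pos: int, expected_tag: int):
    """Read one DER tag-length-value; short-form and 0x81 long-form lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated")
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if tag != expected_tag:  # the check behind OpenSSL's "wrong tag" error
        raise ValueError(f"wrong tag: got 0x{tag:02x}, expected 0x{expected_tag:02x}")
    if length >= 0x80:
        if length != 0x81 or pos + 3 > len(buf):
            raise ValueError("bad or truncated length")
        length, hdr = buf[pos + 2], 3
    start = pos + hdr
    if start + length > len(buf):
        raise ValueError("truncated")
    return buf[start:start + length], start + length

def parse_ecdsa_der(sig: bytes) -> tuple:
    """Parse SEQUENCE { INTEGER r, INTEGER s } with DER minimal-encoding checks."""
    seq, end = _read_tlv(sig, 0, 0x30)  # 0x30 = SEQUENCE; hex text starts with '3' = 0x33
    if end != len(sig):
        raise ValueError("trailing data after SEQUENCE")
    ints, pos = [], 0
    for _ in range(2):
        raw, pos = _read_tlv(seq, pos, 0x02)  # 0x02 = INTEGER
        if not raw or raw[0] & 0x80:
            raise ValueError("INTEGER empty or negative")
        if len(raw) > 1 and raw[0] == 0 and not raw[1] & 0x80:
            raise ValueError("non-minimal INTEGER (redundant leading zero)")
        ints.append(int.from_bytes(raw, "big"))
    if pos != len(seq):
        raise ValueError("trailing data inside SEQUENCE")
    return ints[0], ints[1]

def encode_ecdsa_der(r: int, s: int) -> bytes:
    """Build the DER form OpenSSL writes; used here to construct sample signatures."""
    def der_int(v: int) -> bytes:
        raw = v.to_bytes((v.bit_length() + 8) // 8, "big")  # pads so the sign bit is clear
        return bytes([0x02, len(raw)]) + raw
    body = der_int(r) + der_int(s)
    length = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return b"\x30" + length + body
```

For a file produced with -hex, `parse_ecdsa_der(hexdump_to_der(open("signature.hex").read()))` returns (r, s), while passing the hex text itself fails on the first byte, which is exactly the ASN1_CHECK_TLEN failure in the question.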