[Botan-devel] Raw RSA

Jack Lloyd lloyd at randombit.net
Wed Apr 21 10:46:23 EDT 2010


On Wed, Apr 21, 2010 at 04:12:33PM +0200, Rickard Bellgrim wrote:
> 
> On 21 apr 2010, at 15.40, Jack Lloyd wrote:
> 
> > 
> > EMSA "Raw" (which maps to the EMSA_Raw) class should do it. Can you
> > send your input file? I can't quite puzzle out what OpenSSL is doing
> > differently here.
> > 
> > -Jack
> 
> Yes, sure. Here you go. I think .sig was from Botan and .sig2 was from OpenSSL.
> 

Clearly something went quite badly here: file.txt.sig has a value
which is actually larger than the RSA modulus in rsa.pem. I don't
understand how this is possible... are you sure you used the same key
to generate both of these signatures?

file.txt.sig2 seems to have a valid signature, but in botan it doesn't
verify anyway! That's because after the sig^e mod n RSA computation
the initial leading 0x00 byte is removed, and then when we compare the
two values in EMSA_Raw::verify they don't match. Definitely a bug
there.

-Jack



More information about the botan-devel mailing list