Comment 18 for bug 502291

Guddu (anurag-chourasia) wrote : Re: [Bug 502291] Re: Support for PKCS#1 v1.5 signatures (RFC3447)

Thanks :-)

On Fri, Feb 4, 2011 at 12:17 AM, Legrandin <email address hidden> wrote:

> I have put a variation of this in a branch on github, which is available
> via this command:
>
> git clone -b pkcs1 git://github.com/Legrandin/pycrypto.git
>
> I have realized in the meanwhile that the Crypto.PublicKey.RSA interface
> already contains too much stuff and is quite shaky.
>
> I therefore tried to create a separate module for signatures (much in
> the style of JCA).
>
> import Crypto.Signature.PKCS1_v1_5 as PKCS
> import Crypto.Hash.SHA as SHA1
> import Crypto.PublicKey.RSA as RSA
>
> key = RSA.importKey('pubkey.der')
> h = SHA1.new()
> h.update(message)
> if PKCS.verify(h, key, signature):
>     print "The signature is authentic."
> else:
>     print "The signature is not authentic."
>
> Seems to be much cleaner than the other attempt.
>
> https://bugs.launchpad.net/bugs/502291
>
> Title:
> Support for PKCS#1 v1.5 signatures (RFC3447)
>
> Status in Python Cryptography Toolkit:
> Confirmed
>
> Bug description:
> This patch adds support for PKCS#1 v1.5 signatures.
>
> The sign() and verify() methods for an RSA key object
> are extended to accept an optional 'protocol' parameter,
> to specify how the signature should be carried out.
>
> The default value is 'raw' (or 'schoolbook') which is
> still the original algorithm. Since 'protocol' is optional
> there should be no backward compatibility problems.
>
> The 'protocol' associated with PKCS#1 v1.5 is either 'PKCS1',
> 'PKCS1-1.5', or 'RSA/PKCS1-1.5'. Since such protocol
> embeds the OID of the hash used, I have also modified
> each available hash algorithm so that each hash object has got
> an appropriate 'oid' string attribute, that will be retrieved
> by the sign() method.
>
> I guess that in the future we may add other protocols in
> the same way, by picking intuitive strings (e.g. 'PKCS1-PSS', 'X9.31',
> etc.).
>
> The verification code is not subject to Bleichenbacher's
> (http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html)
> and OKW's (
> http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001240.html)
> attacks.
>
> Typical usage is the following:
>
> from Crypto.Hash import SHA
> from Crypto.PublicKey import RSA
>
> message = "Test"
> hash = SHA.new()
> hash.update(message)
>
> signature = k.sign(hash, None, 'PKCS1')[0]
>
> [... at the other end ...]
> messageReceived = "Test"
> hash = SHA.new()
> hash.update(messageReceived)
>
> auth = k.verify(hash, signatureReceived)
>
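The bug description above relies on two things: the encoded message carries the DER DigestInfo prefix (the hash OID) in front of the digest, and the verifier must compare the whole encoded block rather than parse it leniently, which is what keeps it out of reach of the Bleichenbacher '06 style forgeries it cites. The following is an added example, not code from PyCrypto or from the patch in this bug: it implements EMSA-PKCS1-v1_5 (RFC 3447 section 9.2) and RSASSA-PKCS1-v1_5 sign/verify over the Python standard library only, with a deliberately tiny toy RSA key generated inline so it runs offline. The DigestInfo prefixes are the ones listed in RFC 3447; the function names, the toy key generator and the sample message are this example's own.

```python
# Added example (not PyCrypto's own code): PKCS#1 v1.5 signatures from scratch,
# to show the DigestInfo/OID framing and the strict, re-encode-and-compare verifier.
import hashlib
import hmac
import secrets

# DER-encoded DigestInfo prefixes from RFC 3447, section 9.2, note 1.
# This is the "OID of the hash" that the bug description says the protocol embeds.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v1_5_encode(message: bytes, hash_name: str, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 0x00 || 0x01 || PS (>= 8 bytes of 0xFF) || 0x00 || T."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; adequate for a toy key, not a production key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_toy_rsa_key(prime_bits: int = 256):
    """Return (n, e, d). Toy size for the demo; real keys need >= 2048-bit moduli."""
    e = 65537
    while True:
        p, q = _random_prime(prime_bits), _random_prime(prime_bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return p * q, e, pow(e, -1, phi)


def sign(message: bytes, hash_name: str, n: int, d: int) -> bytes:
    """RSASSA-PKCS1-v1_5 signature generation (RFC 3447 section 8.2.1)."""
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v1_5_encode(message, hash_name, k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(message: bytes, hash_name: str, signature: bytes, n: int, e: int) -> bool:
    """Strict RSASSA-PKCS1-v1_5 verification (RFC 3447 section 8.2.2).

    The verifier never parses the recovered block: it re-encodes the expected EM
    from the message and compares all k bytes in constant time, so a block with
    a short padding string or trailing garbage after the digest is rejected.
    """
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    try:
        expected = emsa_pkcs1_v1_5_encode(message, hash_name, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def demo() -> dict:
    """Sign a constructed sample message and show which checks the verifier enforces."""
    n, e, d = generate_toy_rsa_key()
    msg = b"Test"  # constructed sample message, mirroring the bug description
    sig = sign(msg, "sha256", n, d)
    return {
        "valid": verify(msg, "sha256", sig, n, e),
        "tampered_message": verify(b"Tesr", "sha256", sig, n, e),
        # Same message, different hash: the embedded OID no longer matches.
        "wrong_hash_oid": verify(msg, "sha1", sig, n, e),
        "tampered_signature": verify(msg, "sha256", bytes([sig[0] ^ 1]) + sig[1:], n, e),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'accepted' if ok else 'rejected'}")
```

The "wrong_hash_oid" case is the reason the patch had to give every hash object an `oid` attribute: a PKCS#1 v1.5 signature over SHA-1 and one over SHA-256 of the same message are different encoded blocks, and a verifier that ignored the DigestInfo would be accepting a weaker hash than the signer chose.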