Page 1 of 1

phpseclib RSA Sign does not work with Crypto++ verification

PostPosted: Tue Oct 09, 2012 3:55 pm
by Eisflamme
Hi,

I have found this thread: viewtopic.php?f=46&t=18927&p=121144&hilit=Crypto#p121144

Problem solved, see Edit 3 at bottom.

But it is somewhat different and the poster has not told us what the right call of SignatureVerificationFilter is...

Anyway, I'm trying to sign a simple message with phpseclib like this:
Code: Select all
$rsa = new Crypt_RSA();

$rsa->loadKey($privatekey);

$signedString = $rsa->sign($plainString);

So, it should use PSS.

On the Crypto++-side:
Code: Select all
RSA::PublicKey publicKey = loadKeyFromResource<RSA::PublicKey>(":/keyPublic.xyz");
RSASS<PSS, SHA1>::Verifier verifier(publicKey); // using PSS, as well
std::string decryptedString;

      StringSource(signedString, true,
         new SignatureVerificationFilter(
         verifier, new StringSink(decryptedString),
         SignatureVerificationFilter::THROW_EXCEPTION | SignatureVerificationFilter::PUT_MESSAGE
         )
         );

Now, the StringSource-line throws an exception, so the signature is not accepted. This time, I checked the lengths again, but the signedString is 192 bytes long, as is a Crypto++-signed string. I have no clue what the problem is, this time. If I sign a string with Crypto++, the exact same code will accept that one.

I am not so sure, if PSS is PSS, really, because Crypto++ also offers PSSR (PSS with recovery). Trying to use PSSR failed, too, though.

I also checked the communication channel: the string arriving at Crypto++ is the same as the one extracted online with PHP.

Any ideas? :)

Edit:
Also, I tried using PKCS1:
Code: Select all
$rsa = new Crypt_RSA();

$rsa->loadKey($privatekey);

$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$signedString = $rsa->sign($plainString);


And replaced in Crypto++:
Code: Select all
RSASS<PSS, SHA1>::Verifier verifier(publicKey);

with
Code: Select all
RSASS<PKCS1v15, SHA1>::Verifier verifier(publicKey);

Same result :(

Edit2:
Oh... I guess, if you don't use PSSR, the message has to be included. phpseclib creates only the signature without the message, when $rsa->sign('...') is used, right? Than I would have to put the message there, too.

Edit3:
I was correct in Edit2. Message has to be included. So now, I will return in PHP:
base64_encode($message.$signedMessage);

And in Crypto++ I check this string (base64_decoded before, of course) and it will tell me about my success. :)

Sorry that I post so fast. I'm really desperate, have no clue, then I write it down here and suddenly I come to the result. This forum has very good karma, I guess. :)

Thank you very much!