[xmlsec] Troubles using XMLSec with Smart Cards

Aleksey Sanin aleksey@aleksey.com
Wed, 23 Jul 2003 13:48:23 -0700


This is a multi-part message in MIME format.
--------------000200090705040504070805
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

When you are calculating RSA signature usualy you RSA encrypt
not the plain SHA1 digest (20 bytes) but some additional
data too. For example, the XMLDSig spec [1] says that for XMLDSig
the  RSA signature should be calculated as follows (this is
called PKCS1_v1_5 format btw):
   
    CRYPT (PAD (ASN.1 (OID, DIGEST)))

where CRYPT means RSA encryption and DIGEST is the 20 bytes
SHA1 digest. The total size of encrypted data should match
the RSA key size.

In xmlsec-openssl case (I am guessing that you are using it from
the RSA_private_encrypt function name :) ), all the "wrapping" is
done by openssl. It knows about PKCS 1.5 RSA signatures and xmlsec
simply calls an openssl function and says "do it for me".

I am not sure about the details about your particular crypto device
integration with OpenSSL. I would guess that there are 2 possible
options:
    1) Your crypto device also knows about PKCS-1.5 RSA signatures
    and can produce desired signature format from 20 bytes digest.
    Then it seems like there is a bug in OpenSSL driver for your
    crypto device. The code should not call "encrypt" method but
    rather call the native crypto device "sign" method.
    2) Your crypto device only can do 20 bytes RSA encryption.
    Well, you probably out of luck. I don't think you can do something
    about that.

Aleksey


[1] http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg

--------------000200090705040504070805
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
<tt>When you are calculating RSA signature usualy you RSA encrypt<br>
not the plain SHA1 digest (20 bytes) but some additional <br>
data too. For example, the XMLDSig spec [1] says that for XMLDSig <br>
the&nbsp; RSA signature should be calculated as follows (this is <br>
called PKCS1_v1_5 format btw):<br>
&nbsp;&nbsp;&nbsp; <br>
&nbsp;&nbsp;&nbsp; CRYPT (PAD (ASN.1 (OID, DIGEST)))<br>
<br>
where CRYPT means RSA encryption and DIGEST is the 20 bytes <br>
SHA1 digest. The total size of encrypted data should match<br>
the RSA key size.<br>
<br>
In xmlsec-openssl case (I am guessing that you are using it from<br>
the <span class="SpellE"><font size="2"><span lang="EN-GB"
 style="font-size: 10pt; font-family: Arial;">RSA_private_<span
 class="GramE">encrypt function name </span></span></font></span>:) ),
all the "wrapping" is <br>
done by openssl. It knows about PKCS 1.5 RSA signatures and xmlsec<br>
simply calls an openssl function and says "do it for me".<br>
<br>
I am not sure about the details about your particular crypto device<br>
integration with OpenSSL. I would guess that there are 2 possible<br>
options:<br>
&nbsp;&nbsp;&nbsp; 1) Your crypto device also knows about PKCS-1.5 RSA signatures<br>
&nbsp;&nbsp;&nbsp; and can produce desired signature format from 20 bytes digest. <br>
&nbsp;&nbsp;&nbsp; Then it seems like there is a bug in OpenSSL driver for your <br>
&nbsp;&nbsp;&nbsp; crypto device. The code should not call "encrypt" method but <br>
&nbsp;&nbsp;&nbsp; rather call the native crypto device "sign" method.<br>
&nbsp;&nbsp;&nbsp; 2) Your crypto device only can do 20 bytes RSA encryption.<br>
&nbsp;&nbsp;&nbsp; Well, you probably out of luck. I don't think you can do something<br>
&nbsp;&nbsp;&nbsp; about that.<br>
<br>
Aleksey<br>
<br>
<br>
[1] <a class="moz-txt-link-freetext" href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg">http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg</a></tt><br>
</body>
</html>

--------------000200090705040504070805--