Digital Signature Verification failed using SHA256withRSA in Python

后端 未结 3 1124
清酒与你
清酒与你 2021-01-14 07:28

I am trying to validate the digital signature with given certificate files for the offline aadhaar KYC verification application.

This instruction is given in the docu

3条回答
  •  慢半拍i
    慢半拍i (楼主)
    2021-01-14 08:02

    In cryptography, the devil is in the details, like what really is meant by:

    remaining XML (without "s" tag)

    We are lucky: this ridiculously vague specification comes came with a sample XML file and matching certificate, allowing to:

    • extract the signature signature field (converted from Base64 to binary) from the former to get S;
    • extract N and e from the later;
    • compute V = S e mod N
    • check that V is indeed formatted per SHA256withRSA (also known as RSASSA-PKCS1-v1_5 with SHA-256 hash),
    • on the right of V after a fixed DER prefix 3031300d060960864801650304020105000420 characteristic of a Digestinfo with SHA-256 we extract the 32-byte value f4efef8c788058df45385ec65a49e92f806b9ffd6fc6d11b4f3c2cf89a81fe2f, which thus is the expected hash for that example's signed data.

    So with a little trial and error we find what that signed data really is. We want to start from XML file and remove

    1. the s tag
    2. its = (and, should there be any, whitespace between former s tag and =, and after = as allowed by the XML syntax)
    3. its value field including leading and closing " (which contains the base64-encoded signature)
    4. precisely two nearby space characters, like the one before the s tag and the one after the closing " (alternatively, we might want to leave a single space where there are now several, probably three after the removals in bullet points 1-3).

    then hash what remains including < /> delimiters (as UTF-8), that is in the sample code pass it to BlockUpdate or verify_update. For that example:

    
    

    Update: sample XML, certificate, and the above are in this zip archive.

提交回复
热议问题