I'm trying to use SecKeyRawSign on swift to digitally sign a String using SHA256withRSA. I can properly generate the RSA keys, but I'm not sure about what data to send to this function.
My goal is to use PKCS1 v1.5 format, which should generate the same signature as long as the private key and content to be signed are the same, i.e., there's no random component in the algorithm.
Also, I (think I) know that the algorith that I should first calculate the SHA256 hash of the message, then I should add a ASN.1 prefix describing the algorithm. And finally I should add the PKCS1 padding (0x00 0x01 0xff .. 0xff 0x00) to complete a 128-byte sequence for a 1024-bit key.
I tried passing the following combinations of data and padding to the function:
* message with PKCS1HSA256 padding
* sha256(message) with PKCS1HSA256 padding
* algorithm identifier + sha256(message) with PKCS1 padding
* pkcs1 padding + algorithm identifier + sha256(message) with raw padding
In each case the function returns no error, but each time I call the function with the same key and data, a different signature is generated.
Knowing that the algorithm has no random component, shouldn't I be getting the same signature every time?
So can somebody help me by letting me know what should be passed into each parameter to accomplish my goal? How data param should be constructed?
Thanks.
Related
I'm writing a HomeKit (so perhaps Bluetooth) characteristic in TLV8 format. Apple doc says
The value is an NSData object containing a set of one or more TLV8's,
which are packed type-length-value items with an 8-bit type, 8-bit
length, and N-byte value.
According to Wikipeida a type-length value is
Type
A binary code, often simply alphanumeric, which indicates the kind of field that this part of the message represents;
Length
The size of the value field (typically in bytes);
Value
Variable-sized series of bytes which contains data for this part of the message.
I have no idea how to pack one. I suppose I can write raw bytes to NSData, but what do I write for pad, if I need any padding, etc. So is there an example of how to do that?
Oh I figured it out.
TLV8 consist of three sections: "Tag", "Length", and "Value". I don't know what 8 means.
Both tag and length are UInt8. I believe what the tag may be depend on where the TLV8 is used. Length is the length of the value. Value is the content it self.
So when I want to send a simple 1 as a value, I use:
let tag = 0x02 // For example
let length = 0x01
let value = 0x01
let data = Data(bytes: [tag, length, value]) // NSData
I'm trying to satisfy myself that METEOSAT images I'm getting from their FTP server are actually valid images. My doubt arises because all the tools I've used so far complain about "Bogus Huffman table definition" - yet when I simply comment out that error message, the image appears quite plausible (a greyscale segment of the Earth's disc).
From https://github.com/libjpeg-turbo/libjpeg-turbo/blob/jpeg-8d/jdhuff.c#L379:
while (huffsize[p]) {
while (((int) huffsize[p]) == si) {
huffcode[p++] = code;
code++;
}
/* code is now 1 more than the last code used for codelength si; but
* it must still fit in si bits, since no code is allowed to be all ones.
*/
if (((INT32) code) >= (((INT32) 1) << si))
ERREXIT(cinfo, JERR_BAD_HUFF_TABLE);
code <<= 1;
si++;
}
If I simply comment out the check, or add a check for huffsize[p] to be nonzero (as in the containing loop's controlling expression), then djpeg manages to convert the image to a BMP which I can view with few problems.
Why does the comment claim that all-ones codes are not allowed?
It claims that because they are not allowed. That doesn't mean that there can't be images out there that don't comply with the standard.
The reason they are not allowed is this (from the standard):
Making entropy-coded segments an integer number of bytes is performed
as follows: for Huffman coding, 1-bits are used, if necessary, to pad
the end of the compressed data to complete the final byte of a
segment.
If the all 1's code was allowed, then you could end up with an ambiguity in the last byte of compressed data where the padded 1's could be another coded symbol.
I'm trying to extract a 1024-bit RSA public key from an already generated key pair (two SecKeyRefs), in order to send it over the wire. All I need is a plain (modulus, exponent) pair, which should take up exactly 131 bytes (128 for the modulus and 3 for the exponent).
However, when I fetch the key info as a NSData object, I get 140 bits instead of 131. Here's an example result:
<30818902 818100d7 514f320d eacf48e1 eb64d8f9 4d212f77 10dd3b48 ba38c5a6
ed6ba693 35bb97f5 a53163eb b403727b 91c34fc8 cba51239 3ab04f97 dab37736
0377cdc3 417f68eb 9e351239 47c1f98f f4274e05 0d5ce1e9 e2071d1b 69a7cac4
4e258765 6c249077 dba22ae6 fc55f0cf 834f260a 14ac2e9f 070d17aa 1edd8db1
0cd7fd4c c2f0d302 03010001>
After retrying the key generation a couple of times and comparing the resulting NSData objects, the bytes that remain the same for all keys are the first 7:
<30818902 818100>
The last three bytes look like the exponent (65537, a common value). There are also two bytes between the "modulus" and the exponent:
<0203>
Can someone with more crypto experience help me identify what encoding is this? DER? How do I properly decode the modulus and exponent?
I tried manually stripping out the modulus and exponent using
NSData* modulus = [keyBits subdataWithRange:(NSRange){ 7, 128 }];
NSData* exponent = [keyBits subdataWithRange:(NSRange){ 7 + 128 + 2, 3 }];
but I get errors when trying to decrypt data which the remote host encoded using that "key".
EDIT:
Here's a gist of the solution I ended up using to unpack the RSA blob: https://gist.github.com/vl4dimir/6079882
Assuming you want the solution to work under iOS, please have a look at this thread. The post confirms that the encoding is DER and shows how to extract the exponent and modulus from the NSData object you started with.
There is another solution that won't work on iOS, but will work on Desktop systems (including MacOS X) that have OpenSSL installed in this thread. Even if you are looking for the iOS-only solution you can still use this to verify your code is working correctly.
I have a Client/Server architecture (C# .Net 4.0) that send's command packets of data as byte arrays. There is a variable number of parameters in any command, and each paramater is of variable length. Because of this I use delimiters for the end of a parameter and the command as a whole. The operand is always 2 bytes and both types of delimiter are 1 byte. The last parameter_delmiter is redundant as command_delmiter provides the same functionality.
The command structure is as follow:
FIELD SIZE(BYTES)
operand 2
parameter1 x
parameter_delmiter 1
parameter2 x
parameter_delmiter 1
parameterN x
.............
.............
command_delmiter 1
Parameters are sourced from many different types, ie, ints, strings etc all encoded into byte arrays.
The problem I have is that sometimes parameters when encoded into byte arrays contain bytes that are the same value as a delimiter. For example command_delmiter=255.. and a paramater may have that byte inside of it.
There is 3 ways I can think of fixing this:
1) Encode the parameters differently so that they can never be the same value as a delimiter (255 and 254) Modulus?. This will mean that paramaters will become larger, ie Int16 will be more than 2 bytes etc.
2) Do not use delimiters at all, use count and length values at the start of the command structure.
3) Use something else.
To my knowledge, the way TCP/IP buffers work is that SOME SORT of delimiter has to be used to seperate 'commands' or 'bundles of data' as a buffer may contain multiple commands, or a command may span multiple buffers.. So this
BinaryReader / Writer seems like an obvious candidate, the only issue is that the byte array may contain multiple commands ( with parameters inside). So the byte array would still have to be chopped up in order to feel into the BinaryReader.
Suggestions?
Thanks.
The standard way to do this is to have the length of the message in the (fixed) first few bytes of a message. So you could have the first 4 bytes to denote the length of a message, read those many bytes for the content of the message. The next 4 bytes would be the length of the next message. A length of 0 could indicate end of messages. Or you could use a header with a message count.
Also, remember TCP is a byte stream, so don't expect a complete message to be available every time you read data from a socket. You could receive an arbitrary number of bytes at ever read.
Erlang has a crypto function which generates public private keys (documentation copied below). However the documentation seems vague and I can't find any example code that describes how to generate the shared prime number or the generator. Can someone post an example that generates a public/private key pair? Thanks in advance for any help!
dh_generate_key(DHParams) -> {PublicKey,PrivateKey}
dh_generate_key(PrivateKey, DHParams) -> {PublicKey,PrivateKey}
Types:
DHParameters = [P, G]
P, G = Mpint
Where P is the shared prime number and G is the shared generator.
PublicKey, PrivateKey = Mpint()
Generates a Diffie-Hellman PublicKey and PrivateKey (if not given).
You don't generate the shared prime number or the generator for Diffie-Hellman. See:
http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
The parameters P and G are agreed to ahead of time by both sides. Using the notation of the Wikipedia article, crypto:dh_generate_key is used for steps 2 & 3 to generate a/A & b/B, and then crypto:dh_compute_key is used for steps 4 & 5 to compute the shared secret s.
For RSA, I don't know of a standard library function that generates a public/private key pair. Generating primes is a fairly involved algorithm from what I remember; I would strongly recommend you not try to code it yourself. Diffie-Hellman key pairs are not suitable for use with RSA; they are different algorithms intended for different purposes.
Generally you don't need to generate these at runtime since you can reuse the key pair. You can use any number of other sources to actually generate it. (Maybe ssh-keygen would work? And there's always OpenSSL.) To use the key pair you've created, you'd use the crypto:rsa_ public/private _ encrypt/decrypt functions.
See cutkey (https://github.com/yrashk/cutkey)
"cutkey is an Erlang app for generating RSA keys. It is implemented as
a port driver that calls OpenSSL's RSA_generate_key on a thread from
the async pool."
os:command("openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048").
You can use the crypto:generate_key/2 function to create RSA public and private keys:
For a 2048 length
{Pub, Priv} = crypto:generate_key(rsa, {2048,65537}).
Or for a 1024 length
{Pub, Priv} = crypto:generate_key(rsa, {1024,65537}).
See: https://erlang.org/doc/apps/crypto/crypto.pdf (page 37)
generate_key(Type, Params) -> {PublicKey, PrivKeyOut}
Where
Type = rsa
Params = rsa_params() =
{ModulusSizeInBits :: integer(),
PublicExponent :: key_integer()}