Skip Menu |

This queue is for tickets about the Crypt-OpenSSL-DSA CPAN distribution.

Report information
The Basics
Id: 133857
Status: resolved
Priority: 0/
Queue: Crypt-OpenSSL-DSA
People
Owner: Nobody in particular
Requestors: TIMLEGGE [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.19
Fixed in: (no value)

History Show all quoted text
  Wed Dec 02 08:30:19 2020 TIMLEGGE [...] cpan.org - Ticket created
Subject: Crypt::OpenSSL::DSA::do_verify() -- sig is not a blessed SV reference at
Hi I am working on XML::Sig for the verification of DSA signed XML. I have a signature value from: my $bin_signature = $self->{key_obj}->sign( sha1($signed_info_canon) ); that is stored as a base64 encoded string in an XML file. To verify an XML I retrieve and decode that to get the signature again to verify with the public key: my ($context,$canonical,$sig) = @_; eval { require Crypt::OpenSSL::DSA; }; # Generate Public Key from XML my $p = decode_base64(_trim($self->{parser}->findvalue('dsig:P', $context))); my $q = decode_base64(_trim($self->{parser}->findvalue('dsig:Q', $context))); my $g = decode_base64(_trim($self->{parser}->findvalue('dsig:G', $context))); my $y = decode_base64(_trim($self->{parser}->findvalue('dsig:Y', $context))); my $dsa_pub = Crypt::OpenSSL::DSA->new(); $dsa_pub->set_p($p); $dsa_pub->set_q($q); $dsa_pub->set_g($g); $dsa_pub->set_pub_key($y); my $bin_signature = decode_base64($sig); # DSA signatures are limited to a message body of 20 characters, so a sha1 digest is taken return 1 if ($dsa_pub->do_verify( $self->{digest_method}->($canonical), $bin_signature )); As I understand it, passing the signature to do_verify would allow you to use the full signature object, I assume it is because Perl does nt know that $bin_signature is a Crypt::OpenSSL::DSA::Signature. Any idea how to proceed? Tim
  Wed Dec 02 18:09:29 2020 TIMLEGGE [...] cpan.org - Correspondence added
On Wed Dec 02 08:30:19 2020, TIMLEGGE wrote: Show quoted text
> Hi > > I am working on XML::Sig for the verification of DSA signed XML. > > I have a signature value from: > > my $bin_signature = $self->{key_obj}->sign( sha1($signed_info_canon) > ); > > that is stored as a base64 encoded string in an XML file. > > To verify an XML I retrieve and decode that to get the signature again > to verify with the public key: > > my ($context,$canonical,$sig) = @_; > > eval { > require Crypt::OpenSSL::DSA; > }; > > # Generate Public Key from XML > my $p = decode_base64(_trim($self->{parser}->findvalue('dsig:P', > $context))); > my $q = decode_base64(_trim($self->{parser}->findvalue('dsig:Q', > $context))); > my $g = decode_base64(_trim($self->{parser}->findvalue('dsig:G', > $context))); > my $y = decode_base64(_trim($self->{parser}->findvalue('dsig:Y', > $context))); > my $dsa_pub = Crypt::OpenSSL::DSA->new(); > $dsa_pub->set_p($p); > $dsa_pub->set_q($q); > $dsa_pub->set_g($g); > $dsa_pub->set_pub_key($y); > > my $bin_signature = decode_base64($sig); > # DSA signatures are limited to a message body of 20 characters, so a > sha1 digest is taken > return 1 if ($dsa_pub->do_verify( $self->{digest_method}-
> >($canonical), $bin_signature ));
> > As I understand it, passing the signature to do_verify would allow you > to use the full signature object, > > I assume it is because Perl does nt know that $bin_signature is a > Crypt::OpenSSL::DSA::Signature. > > Any idea how to proceed? > > Tim
I figured out the issue basically the encoded binary signature included r and s and unpacking it to create a Crypt::OpenSSL::DSA::Signature and set_r and set_s to create a sigobj that can be used to call do_verify.
  Wed Dec 02 18:09:30 2020 TIMLEGGE [...] cpan.org - Status changed from 'new' to 'resolved'