
R: Problem about the private key signing with SFL

Hi all,
I did some steps around the problem.
I compiled free3 again but with right options so now
I can debug into CSM_Free3::SMTI_Sign.

This way I was able to understand the cause of the problem.
Free3 recognized EncryptedPrivateKeyInfo SEQUENCE
(the most external structure for PKCS#8) and the value
used for EncryptionAlgorithmIdentifier, member of that
structure. In fact, looking inside Free3 while debugging,
I saw that if PKCS#8 was created using PBE-MD5-DES
(openssl pkcs8 -in keytemp.pem -inform pem -topk8
-v1 PBE-MD5-DES -outform der -out privkey.p8)

or PBE-MD5-RC2

(openssl pkcs8 -in keytemp.pem -inform pem -topk8
-v1 PBE-MD5-RC2 -outform der -out privkey.p8).

Free3 recognized the algorithm.
If PKCS#8 was created another way (e.g. PBE-MD2-DES)
Free3 printed out:
"unsupported password encryption"

So the problem is: even if Free3 recognizes the PBE algorithm
identifier, it doesn't decrypt correctly the encoded
data for PKCS#8 PrivateKeyInfo SEQUENCE.

(I don't know if the problem is on the openssl side,
on the Free3 side or both)

In fact I uncommented the line

// for debug only - to be taken out

in CSM_Free3::DecryptPrivateKey source code
in order to write to a file containing decrypted
PKCS#8 PrivateKeyInfo SEQUENCE.

I created a PKCS#8 only with not encrypted internal
PrivateKeyInfo SEQUENCE.

(openssl pkcs8 -in keytemp.pem -inform pem -topk8
-v1 PBE-MD5-RC2 -nocrypt -outform der -out privkey.p8).

Then I binary compared the PKCS#8 file and
file containing data decrypted by Free3.
This test failed: they are different.

I also used 'openssl asn1parse' command to view
the tagged structure of DER encoded files:
PKCS#8 unencrypted file produced by openssl
is a good PKCS#8 encoded file, instead
'openssl asn1parse'  doesn't recognize as
valid ASN.1 encoded data the file containing
Free3 decrypted PrivateKeyInfo SEQUENCE.

So I did another test. I modified
CSM_Free3::DecryptPrivateKey source code

   // get the key to be decrypted
   CSM_Buffer bufEncryptedKey((char*)(snaccEncryptedX.encryptedData),
   CSM_Buffer bufEncodedPrivateKey;

   SME(RawDecrypt(&bufEncryptedKey, &bufEncodedPrivateKey, cbc_decryption,

   // for debug only - to be taken out

   // ASN.1 decode the private key
   DECODE_BUF((&snaccX), bufEncodedPrivateKey);


   // get the key to be decrypted
   CSM_Buffer bufEncryptedKey((char*)(snaccEncryptedX.encryptedData),
   //CSM_Buffer bufEncodedPrivateKey; //TO BE UNCOMMENTED FOR RELEASE

   // ES: the following statement is only for debug (by GR)
   CSM_Buffer bufEncodedPrivateKey(".\\grkeynocrypt2.p8");

   //SME(RawDecrypt(&bufEncryptedKey, &bufEncodedPrivateKey, cbc_decryption,

   // for debug only - to be taken out

   // ASN.1 decode the private key
   DECODE_BUF((&snaccX), bufEncodedPrivateKey);

in order to make Free3::Sign use the previously
created  file containing encoded PrivateKeyInfo
STRUCTURE instead of Free3 decrypted data.

Finally this test gave me a positive result:
CMS object with SignedData was produced
(and also I successfully tried the code for
signature verification)!!!

For the moment using this workaround (trial private key
not encrypted) I can develop and test various features
of my application but I need to solve the problem.
Has anyone a solution?

Or, intermediate solution, has anyone (Bob? Jonathan?)
a free tool tested with SFL&Free3 CTIL for extracting
a private key from a PKCS#12 and putting it
into a PKCS#8?


> -----Original Message-----
> From:
> Sent:	30 June 2000 13:27
> To:	'imc-sfl@xxxxxxx'
> Subject:	Problem about the private key signing with SFL
> Hi all,
> another problem. About private key.
> As I wrote, the goal of my application is
> * sign a blob
> * verify the signature over this blob
> (very innovative ...  :-))
> I want to use Crypto++ 3.1 free token library, md5RSA or sha1RSA
> signature over that blob and produce a CMS object with or
> without ContentInfo,
> with or without signer's certificate, with or without
> certification path certificates
> Platform: Win32, Compiler VisualC++ 6.0 (within VisualStudio)
> Professional with SP3
> SFL version 1.6 (Free3 CTIL compiled with
> In order to try the application with a standard certificate,
> I got a trial certificate from Verisign
> (with automatic enrollment to the Microsoft
> Enhanced Cryptographic Service Provider, the one
> released with a High Encryption Pack for IE)
> Main features are:
> * Version3
> * Public key algorithm: RSA
> * Public key length: 1024 bit
> * Certificate Signature Algorithm: md5RSA
> Then I exported the certificate with a private key from MS
> local repository
> to a PKCS#12 object.
> Finally using openSSL 0.95a I performed following steps:
> 1) extraction of the private key from PKCS#12 to PEM format
> (I think base64 encoded RSA format, it is not specified in
> openSSL docs).
> The command used is:
> openssl pkcs12 -in mypkcs12.p12 -nocerts -out keytemp.pem
> Openssl requested password to open pkcs12 object and password
> to protect pem format private key file
> * transcoding from PEM format to PKCS#8 (protected with PKCS#5)
> DER encoded.
> The command used is:
> openssl pkcs8 -in keytemp.pem -inform pem -topk8 -outform der
> -out privkey.p8
> Openssl requested password to pem format key and password
> to protect PKCS#8 object
> **********************************
> Now the application. Some key source code line:
> * For login:
> 	SME(pES_AppLogin= (CSM_AppLogin *) new
> CSM_AppLogin(FREE3_DLL_NAME,DLLBuildParam));
> 	pCSMIME = (CSMIME *)pES_AppLogin;
> Following previous mails between Bob and Jonathan (about
> default alg - DSA - for
> Free3 CTIL) I added following code
> 	pCSMIME->m_pCSInsts->SetCurrToFirst();
> 	pCurr_CSInst=pCSMIME->m_pCSInsts->Curr();
> 	pDigestAlgOID = new CSM_OID(md5);
> 	pDig_EncAlgOID = new CSM_OID(md5WithRSAEncryption);
> 	pCurr_CSInst->SetPreferredCSInstAlgs(pDigestAlgOID ,
> 		pDig_EncAlgOID , NULL, NULL);
> Because of the fact that the application had produced a PKCS#7 object
> containing SignedData without SignerInfos/SignerInfo data, I
> debugged the code
> and I saw that before calling SMTI_Sign method it was controlled that
> Applicable bit value within CSM_CInst instance was true.
> So I added following code:
> 	pCurr_CSInst->SetApplicable(true);
> * For instancing and preparing CSM_MsgToSign object
> 	CSM_Buffer *p;
> 	m_pESSignMsg= (CSM_MsgToSign *) new CSM_MsgToSign(p);
> 	// CMS (RFC 2630) OID definition for SignedData type
> 	m_pESSignMsg->setContentType(CSM_OID("1.2.840.113549.1.7.2"));
> 	m_pESSignMsg->SetIncludeOrigCertsFlag(true);
> 	m_pESSignMsg->m_bIssOrSki = false;
> // Use IssuerAndSerialNumber
> 	// for the following flag: true->enveloping signature
> 	// false->detached signature
> 	m_pESSignMsg->SetIncludeContentFlag(true);
> * For signing
> 	if ((ret=m_pESSignMsg->Sign(pCSMIME))==SM_NO_ERROR)
> 	{
> 		CSM_Buffer
> *pbufContent=m_pESSignMsg->GetEncodedContentInfo();
> 		pbufContent->ConvertMemoryToFile(SIGNED_DATA_FILENAME);
> 		delete pbufContent;
> 	}
> *******************************************************
> The problem:
> The application returns to me the following exception:
> F:\Tesi\es\escmd\lib>escmd
>  ERROR INFORMATION: PrivateKeyInfo::BDec: ERROR - wrong tag
>         ERROR CODE: 34  SOURCE LINE NUMBER: 3054
>         FILE: f:\tesi\smimer1.6\alg_libs\sm_free3\sm_free3.cpp
>         FUNCTION: CSM_Free3::DecryptPrivateKey
> CSM_Free3::SMTI_Sign IN
> f:\tesi\smimer1.6\alg_libs\sm_free3\sm_free3.cpp, line 8
> 1.
> CSM_SignBuf::SignBuf IN
> f:\tesi\smimer1.6\libcert\src\sm_signbuf.cpp, line 193.
> ProduceSignerInfo IN
> F:\Tesi\smimeR1.6\libsrc\hilevel\sm_Sign.cpp, line 301.
> UpdateSignedDataSIs IN
> F:\Tesi\smimeR1.6\libsrc\hilevel\sm_Sign.cpp, line 195.
> Sign IN F:\Tesi\smimeR1.6\libsrc\hilevel\sm_Sign.cpp, line -1.
> sign IN f:\tesi\es\escmd\src\escmd.cpp, line -1.
> I can't debug the application within SMTI_Sign (CSM_TokenInterface
> class or, better, CSM_Free3 class) method because
> for the following code in sm_SignBuf.cpp
>     {
>          SME(tmpTokenIF->SMTI_Sign(pSigContentBuf,
>              pSigBuf,                // returned result
>              pDigest));               // data digest (Hash of Content)
>     }
> the behavior of F11(step into) debug command is similar to
> F10 (step over),
> so I can't see values of various structures within the
> objects (from CSM_AppLogin and
> CSM_MsgToSign classes) just before exception is generated.
> I thought I had compiled SFL with bad options, so
> I tried to verify key management
> using command
> auto_hid.exe lolevel\crypto.cfg:
> it returned to me no message (The meaning is:
> Test passed?).
> I tried to change randomly password in
> a free3 section of the crypto.cfg file
> and it returned to me no message ...
> So I can't understand if SFL libraries have been built
> correctly
> Finally trying to generate a certificate using
> CertificateBuilder:
> 1) Using dialog box I can generate
> certificate only with DSA public key
> (which way for storing generated private key?)
> 2) Using a config file (e.g. DaisyRSA.cfg included
> in SFL package) CertificateBuilder returns an error
> (in libcert)
> *****************************************************************
> Now the questions:
> 1) Is my usage of pCurr_CSInst->SetApplicable(true)
> method correct or the use it's not mandatory (and I
> had to use it because I forgot something else?)
> 2) Did I do something wrong while extracting private key
> from PKCS#12 and converting to PKCS#8? Which is the
> right way for obtaining a private key file suitable for
> SFL Free3 CTIL ?
> There is some requirement for the password
> (length and others)?
> 3) Which way can I generate a couple private-public key
> RSA and a public key certificate signed using md5RSA
> or sha1RSA algorithms using CertificateBuilder (either
> using dialog windows or config file)?
> I tried to do the above operations but I wasn't able to force
> CertificateBuilder to use RSA algorithm and store private
> key somewhere into a file.
> The following questions aren't related to private key problem
> 3) Using the constructor
> CSM_AppLogin(FREE3_DLL_NAME,DLLBuildParam))
> (with DLLBuildParam="SM_FREE3DLL certsign.der keysign.p8
> password sm_FREE3")
> the last parameter, token ID (sm_FREE3), is irrelevant,
> because is the
> *CSM_Free3::AddLoginStatic method which copies ID string
> (FREE3) to a buffer
> pointed by the pointer passed as parameter, in the above case
> pointer to "sm_FREE3"
> parameter.
> The only need is passing a string with length equal or
> greater than FREE3
> in order to allocate string buffer memory large enough for the
> copy made
> by AddLoginStatic method
> Is it true? If yes, why?
> 4) What's the difference between sha_1WithRSAEncryption
> and sha_1WithRSAEncryption_ALT AsnOid constants?
> 5) Have you (Wang) planned a CTIL for a MSCryptoAPI?
> Someone else had developed it?
> Thanks
> Gianluca
> ---------------------------------------------------------------------
> Gianluca Ramunno (ramunno@xxxxxxxxx)
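
Added example, not part of the original message and not SFL or Free3 code: a standard-library Python check for the two things the reply above compares by hand, namely which PBE algorithm, salt and iteration count an EncryptedPrivateKeyInfo carries, and whether decrypted output is a well-formed PrivateKeyInfo. It assumes PBES1 as defined in PKCS#5 v1.5; all function names and the sample bytes are constructed for illustration.

```python
import hashlib

# DER bodies of the PKCS#5 v1.5 (PBES1) OIDs 1.2.840.113549.1.5.{1,3,6}
PBES1 = {bytes.fromhex("2a864886f70d010501"): "pbeWithMD2AndDES-CBC",
         bytes.fromhex("2a864886f70d010503"): "pbeWithMD5AndDES-CBC",
         bytes.fromhex("2a864886f70d010506"): "pbeWithMD5AndRC2-CBC"}

# Constructed sample (not a real key): pbeWithMD5AndDES-CBC, salt 01..08,
# iterationCount 2048, 16 zero bytes standing in for encryptedData.
SAMPLE = bytes.fromhex("302f" "301b" "06092a864886f70d010503" "300e"
                       "04080102030405060708" "02020800" "0410" + "00" * 16)

def read_tlv(buf, pos, want):
    """Return (value, next_pos) of the DER element at pos; raise on a wrong tag."""
    if buf[pos] != want:
        raise ValueError(f"wrong tag 0x{buf[pos]:02x}, expected 0x{want:02x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def parse_encrypted_pkcs8(der):
    """EncryptedPrivateKeyInfo -> (algorithm name, salt, iteration count, ciphertext)."""
    outer, _ = read_tlv(der, 0, 0x30)
    algid, pos = read_tlv(outer, 0, 0x30)   # an unencrypted PrivateKeyInfo has INTEGER here
    ciphertext, _ = read_tlv(outer, pos, 0x04)
    oid, pos = read_tlv(algid, 0, 0x06)
    params, _ = read_tlv(algid, pos, 0x30)  # PBEParameter ::= SEQUENCE { salt, iterationCount }
    salt, pos = read_tlv(params, 0, 0x04)
    count, _ = read_tlv(params, pos, 0x02)
    name = PBES1.get(oid, "unsupported: " + oid.hex())
    return name, salt, int.from_bytes(count, "big"), ciphertext

def pbkdf1_key_iv(password, salt, count, hash_name="md5"):
    """PBES1 derivation: iterate the hash over password||salt, split into 8-byte key and IV."""
    d = password + salt
    for _ in range(count):
        d = hashlib.new(hash_name, d).digest()
    return d[:8], d[8:16]

def plausible_private_key_info(plain):
    """Check decrypted output: PKCS#5 padding, then SEQUENCE { INTEGER 0, ... }."""
    pad = plain[-1] if plain else 0
    if not 1 <= pad <= 8 or plain[-pad:] != bytes([pad]) * pad:
        return False
    try:
        body, _ = read_tlv(plain[:-pad], 0, 0x30)
        return read_tlv(body, 0, 0x02)[0] == b"\x00"
    except (ValueError, IndexError):
        return False
```

Decrypted bytes that fail `plausible_private_key_info` point at the key derivation or cipher step rather than at the ASN.1 decoder, which is the distinction the byte comparison in the message was trying to establish.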