
List:       openssl-users
Subject:    Re: any way to debug signature verification failure?
From:       "Dr. Stephen Henson" <steve () openssl ! org>
Date:       2005-11-29 19:27:43
Message-ID: 20051129192743.GA69322 () openssl ! org

On Tue, Nov 29, 2005, john guerrero wrote:

> hi steve,
> 
> ok, i tried:
> openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse
> 
> and got:
> RSA operation error
> 15946:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block 
> type is not 01:rsa_pk1.c:100:
> 15946:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check 
> failed:rsa_eay.c:580:
> 
> i'm interpreting this to be the "invalid block type" that you mentioned 
> earlier...so it's either a corrupted signature or else it was signed 
> with a different key.  i got this same error when trying both keys that 
> i have.
> 
> is my understanding correct?
> 

Those are by far the most likely possibilities. 

There is an outside chance that it's a bug in OpenSSL which produces an invalid
signature or causes the verify to fail.

If you are pretty sure it was signed with one of those keys then you can check
that out by attempting to sign the data again using each key and comparing the
signature to the original.

If you get a match then it's an OpenSSL bug.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
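
The re-sign-and-compare check suggested in the reply above, as an added example that is not part of the original message or of OpenSSL itself. It assumes the signature is RSA with PKCS#1 v1.5 padding over a known digest (that scheme is deterministic, which is what makes a byte-for-byte comparison meaningful) and uses `openssl dgst` rather than `rsautl`; the function names `find_signing_key`, `make_case` and `demo`, and all keys, data and file names, are constructed for the illustration.

```shell
#!/bin/sh
# Added example. All keys, data and file names below are constructed.
set -eu

# Re-sign DATA with each candidate private key and print the key whose
# output equals SIG byte for byte. This relies on RSA PKCS#1 v1.5 signing
# being deterministic; DIGEST (e.g. sha256) must match the original signer's.
find_signing_key() (            # subshell body keeps variables local
    digest=$1 data=$2 sig=$3
    shift 3
    tmp=$(mktemp)
    for key in "$@"; do
        if openssl dgst "-$digest" -sign "$key" -out "$tmp" "$data" 2>/dev/null \
            && cmp -s "$tmp" "$sig"; then
            rm -f "$tmp"
            printf '%s\n' "$key"
            exit 0
        fi
    done
    rm -f "$tmp"
    exit 1                      # no candidate key reproduced the signature
)

# Build a constructed test case: two 2048-bit keys, data signed with key A.
make_case() {                   # usage: make_case DIR
    openssl genrsa -out "$1/a.pem" 2048 2>/dev/null
    openssl genrsa -out "$1/b.pem" 2048 2>/dev/null
    openssl rsa -in "$1/b.pem" -pubout -out "$1/b_pub.pem" 2>/dev/null
    printf 'constructed sample data\n' > "$1/data.txt"
    openssl dgst -sha256 -sign "$1/a.pem" -out "$1/sig.bin" "$1/data.txt"
}

demo() {
    dir=$(mktemp -d)
    make_case "$dir"
    # Verifying with the wrong public key fails, as in the thread.
    openssl dgst -sha256 -verify "$dir/b_pub.pem" -signature "$dir/sig.bin" \
        "$dir/data.txt" || echo "verify with b_pub.pem failed (expected)"
    # Re-signing identifies which private key produced sig.bin.
    echo "signed by: $(find_signing_key sha256 "$dir/data.txt" "$dir/sig.bin" \
        "$dir/b.pem" "$dir/a.pem")"
    rm -rf "$dir"
}
demo
```

If no candidate key matches, the signature is corrupted, was made with a different key or digest, or uses a randomized scheme such as RSA-PSS, for which this comparison does not apply.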