我有一个 RSA 公钥、一些数据和该数据的签名。我需要验证签名。然而,签名不是数据的摘要,而是整个数据的签名。 (数据本身只有 16 个字节,因此签名者在签名之前不必费心对数据进行哈希处理。)我可以通过在初始化上下文时指定 NULL 引擎来验证 C 中的签名:
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(verify_key, NULL);
但是,我无法在 Ruby 的 OpenSSL::PKey::PKey 验证方法中找到等效方法。该方法需要一个 Digest 对象,而且我找不到 Digest,它实际上并不散列,而是按原样返回数据。我尝试创建自己的 Digest 子类,但我认为这行不通,因为底层 OpenSSL 库不知道自定义摘要类型的存在。
鉴于我无法修改签名者运行的代码,我是否卡住了,或者是否有解决此问题的方法?
最佳答案
总结评论中的答案以便从“未回答”过滤器中删除此问题...
owlstead :
Have you tried to find a function like
public_decrypt? It may work, as normally you should not encryption with a private key and decrypt with a public key. With a bit of luck it will accept the signature version of PKCS#1 padding (note that the padding used for encryption and signing is different in PKCS#1).
Wammer :
Of course - decrypting the signature with the public key and verifying that it matches the data works fine. So far this is working fine with the standard PKCS#1 padding, but I'll do some more research to see if the differing encryption and signing paddings are a problem in practice. Thanks.
owlstead :
After a decrypt and validation of the padding, all that is left is a (if possible, secure) compare. So that would replace the verification function pretty well. Most of the security is in the modular arithmetic and padding.
关于ruby - 使用 Ruby OpenSSL 验证非散列数据的签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14819304/