CODEWITHSUNDEEP
opensslpkcs#7smime
chris01
chris01

Reputation: 12321

OpenSSL: PKCS7, verification failure, checksum of payload in PEM?

I have a verification-error in a SMIME-message and I try to check manually.

Is there an obvious relation between the ASN1 of the PEM and the digest of the payload?

I try the following:

  1. Make the PEM of a message (signature of the SMIME)

    openssl cms -sign -in x.txt -md sha1 -signer cer.cer -inkey key.key -outform PEM > mypem

  2. Make a SHA-checksum of the payload:

    sha1sum x.txt

  3. Parse the PEM:

    openssl asn1parse -in mypem

So will I find the SHA-checksum of sha1sum in the output of asn1parse??

Upvotes: 0

Views: 541

Answers (1)

oliv
oliv

Reputation: 13249

If you add -inform pem to the last openssl command you'll see more:

 openssl asn1parse -inform pem -in mypem

Look at the end of the output for the OCTET STRING. In my case I have 2K RSA key and that object is 512 bytes.

This hexdump is the crypto part of the PKCS#7 signature.

Convert this string to binary (I like xxd for this) and use openssl once more to get it decode (assuming you also have RSA key):

$ echo "07CD61E81878C803ACA4B41713845320D46577ED9B4F70FA04F18C31B27F08622B4D919C30147B99EF2135A402C5DC11639F0412648DA84183284A2E9F51EC05C3F354ECDC7A7F9BB540785ACC192BFAE2643C796FBD3CD8CD9ADB8591ABF042F9FC6F520250D50B0DC52E2207A1D7116878AC75EFE87031CC728822D01A0FCB75E528239CA9FD94EC4C6161696A33A35D5CA7E182FF486E8DF7CBA7944840F130612415ED3FCD42C4F92E2BF193CCC265A4B5D153362A51A3CA00F8EF0D7E4D3F7516299C74271E4AF6307AFA5FF2897297F7076E3D7A21A0BCA4B22A699D9D6F5C3AD044DC91145B34B3564EE9825DC9E9DE19A453296A8C1E520D292A7861" | 
xxd -r -ps -c512 | openssl rsautl -encrypt -inkey key.key -raw -hexdump
Enter pass phrase for key.key:
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00d0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 21 30   .............0!0
00e0 - 09 06 05 2b 0e 03 02 1a-05 00 04 14 d2 b9 cb a5   ...+............
00f0 - 53 a5 e2 da d9 da 75 c5-bc ad a5 1b f6 2a eb 13   S.....u......*..

You'll recognized the PCKS#1 v1.5 padding.

Extract the bytes at the end, decode them with the openssl asn1 parser and you'll finally get the hash you wanted:

$ echo 3021300906052b0e03021a05000414d2b9cba553a5e2dad9da75a5bcada51bf62aeb13 | xxd -r -ps | openssl asn1parse -inform der
  0:d=0  hl=2 l=  33 cons: SEQUENCE
  2:d=1  hl=2 l=   9 cons: SEQUENCE
  4:d=2  hl=2 l=   5 prim: OBJECT            :sha1
 11:d=2  hl=2 l=   0 prim: NULL
 13:d=1  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:D2B9CBA553A5E2DAD9DA75A5BCADA51BF62AEB13

Upvotes: 1

Related Questions