Reputation: 31
Python cryptography RSASSA PSS signature returns not valid when check with pycrypto APIs
I'm trying to build a wrapper program around Crypto modules of python for testing and generation of test vectors for a hardware implementation. On the hardware RSASSA_PSS with SHA256 data hash and MGF1 SHA1 identifier is used.
I get a valid signature response from the signature generated by pycrypto while the signature seems to be invalid in case of cryptography module.
The below implementation is for pycrpto:
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_PSS
import binascii
string = "ABCD"
message = bytes.fromhex(string)
digest = SHA256.new()
digest.update(message)
print(digest.hexdigest())
private_key = False
with open ("RSATest_private.pem", "rb") as myfile:
private_key = RSA.importKey(myfile.read())
# Load private key and sign message
signer = PKCS1_PSS.new(private_key)
sig = signer.sign(digest)
print(binascii.hexlify(sig))
and the below implementation is for cryptogrpahy module:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import utils
from cryptography.hazmat.primitives import hashes
import binascii
digestAlg_obj = hashes.SHA256()
digest_obj = hashes.Hash(self.digestAlg_obj, backend = default_backend())
digest_obj.update(bytes.fromhex('ABCD'))
digest_bytv = digest_obj.finalize()
print(binascii.hexlify(sha256_data))
with open(RSATest_private.pem, "rb") as key_file:
self.prvKey_obj = serialization.load_pem_private_key(key_file.read(),password=None,backend=default_backend())
signature_bytv = self.prvKey_obj.sign(digest_bytv,padding.PSS(mgf = padding.MGF1(hashes.SHA1()),salt_length=padding.PSS.MAX_LENGTH),utils.Prehashed(hashes.SHA256()))
print(binascii.hexlify(signature_bytv))
I understand that the signatures obtained are not the same due to the randomness involved in the generation for PSS algorithm. The algorithm setting in both the cases is the same.
The HASH value from SHA256 for the data match in both the modules, but the signature generated when checked on the hardware returns invalid in case of cryptography module.
Is something wrong with the parameter usage in case of cryptography module?
From the documentation of the pycrypto module, I see that SHA1 is used for mgf1 and the salt length also equals the maximum length of the hash algorithm.
So using the same values in cryptography module should provide me a valid signature.
Also verifying the signature generated by cryptography APIs return sign invalid when checked using the corresponding public key with the pycrypto APIs.
I have tried to generate signature with mgf1 with hash Alg of sha256 as well just to check with the latest predominant embedded hardware implementations but with no progress here as well.
Used python3.6, pycrypto v2.6.1 and cryptography v2.2.2
Upvotes: 1
Views: 2633
Answers (1)
Reputation: 31
The issue seems is solved :)
For anyone facing a similar issue, the default hash alg in MGF1 function in pycrypto or OPENSSL for RSASSA-PSS is SHA256 and a salt_length equal to the digest length of the data.
So changing the MGF1 algorithm to hashes.SHA256() and salt_length to 32 solved the problem.
Upvotes: 1
Related Questions
- RSA PSS signature verification between python (cryptography) and .NET5 (System.Security.Cryptography) fails
- trying to convert Java RSA-PSS signature verification code (with SHA256 hash, SHA1 MGF hash) to Python
- RSA signed data verification not working PyCryptodome
- Why can't openssl verify signature created by Python cryptography library?
- Can't verify RSA signature with pycryptodome
- PyCryptodome RSA signature and verification
- How to verify in pycrypto signature created by openssl?
- Unable to verify a signature in python using PKI
- python crypto rsa issue
- Python PyCrypto and RSA problem