This queue is for tickets about the Crypt-OpenSSL-DSA CPAN distribution.

Report information

The Basics
Id: 133857
Status: resolved
Priority: Low/Low

People
Owner: Nobody in particular
Requestors: TIMLEGGE [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity: (no value)
Broken in: 0.19
Fixed in: (no value)

Subject: Crypt::OpenSSL::DSA::do_verify() -- sig is not a blessed SV reference at
Hi

I am working on XML::Sig for the verification of DSA signed XML.

I have a signature value from:

    my $bin_signature = $self->{key_obj}->sign( sha1($signed_info_canon) );

that is stored as a base64 encoded string in an XML file.

To verify an XML I retrieve and decode that to get the signature again to verify with the public key:

    my ($context,$canonical,$sig) = @_;

    eval {
        require Crypt::OpenSSL::DSA;
    };

    # Generate Public Key from XML
    my $p = decode_base64(_trim($self->{parser}->findvalue('dsig:P', $context)));
    my $q = decode_base64(_trim($self->{parser}->findvalue('dsig:Q', $context)));
    my $g = decode_base64(_trim($self->{parser}->findvalue('dsig:G', $context)));
    my $y = decode_base64(_trim($self->{parser}->findvalue('dsig:Y', $context)));
    my $dsa_pub = Crypt::OpenSSL::DSA->new();
    $dsa_pub->set_p($p);
    $dsa_pub->set_q($q);
    $dsa_pub->set_g($g);
    $dsa_pub->set_pub_key($y);

    my $bin_signature = decode_base64($sig);
    # DSA signatures are limited to a message body of 20 characters, so a sha1 digest is taken
    return 1 if ($dsa_pub->do_verify( $self->{digest_method}->($canonical), $bin_signature ));

As I understand it, passing the signature to do_verify would allow you to use the full signature object,

I assume it is because Perl doesn't know that $bin_signature is a Crypt::OpenSSL::DSA::Signature.

Any idea how to proceed?

Tim

On Wed Dec 02 08:30:19 2020, TIMLEGGE wrote:
> Hi
>
> I am working on XML::Sig for the verification of DSA signed XML.
>
> I have a signature value from:
>
>     my $bin_signature = $self->{key_obj}->sign( sha1($signed_info_canon) );
>
> that is stored as a base64 encoded string in an XML file.
>
> To verify an XML I retrieve and decode that to get the signature again
> to verify with the public key:
>
>     my ($context,$canonical,$sig) = @_;
>
>     eval {
>         require Crypt::OpenSSL::DSA;
>     };
>
>     # Generate Public Key from XML
>     my $p = decode_base64(_trim($self->{parser}->findvalue('dsig:P', $context)));
>     my $q = decode_base64(_trim($self->{parser}->findvalue('dsig:Q', $context)));
>     my $g = decode_base64(_trim($self->{parser}->findvalue('dsig:G', $context)));
>     my $y = decode_base64(_trim($self->{parser}->findvalue('dsig:Y', $context)));
>     my $dsa_pub = Crypt::OpenSSL::DSA->new();
>     $dsa_pub->set_p($p);
>     $dsa_pub->set_q($q);
>     $dsa_pub->set_g($g);
>     $dsa_pub->set_pub_key($y);
>
>     my $bin_signature = decode_base64($sig);
>     # DSA signatures are limited to a message body of 20 characters, so a sha1 digest is taken
>     return 1 if ($dsa_pub->do_verify( $self->{digest_method}->($canonical), $bin_signature ));
>
> As I understand it, passing the signature to do_verify would allow you
> to use the full signature object,
>
> I assume it is because Perl doesn't know that $bin_signature is a
> Crypt::OpenSSL::DSA::Signature.
>
> Any idea how to proceed?
>
> Tim

I figured out the issue: basically the encoded binary signature included r and s, and unpacking it to create a Crypt::OpenSSL::DSA::Signature and using set_r and set_s creates a sigobj that can be used to call do_verify.
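
The fix described in the last comment, written out as an added example (not code from the ticket, from XML::Sig or from Crypt::OpenSSL::DSA). It assumes the stored value is r followed by s, each left-padded to the byte length of q, which is the layout XML Signature uses for DSA; `sig_from_raw`, the throwaway key and the message are hypothetical and constructed for the example.

```perl
use strict;
use warnings;
use Crypt::OpenSSL::DSA;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: turn a fixed-width r||s string into a signature object.
sub sig_from_raw {
    my ($raw, $width) = @_;
    # Check the length first: unpack() on a short string returns short or
    # empty fields instead of failing.
    my $want = 2 * $width;
    die "expected $want signature bytes, got " . length($raw) . "\n"
        unless length($raw) == $want;
    my ($r, $s) = unpack("a$width a$width", $raw);
    my $sig = Crypt::OpenSSL::DSA::Signature->new();
    $sig->set_r($r);
    $sig->set_s($s);
    return $sig;
}

# Constructed test data: a throwaway 1024-bit key (160-bit q, so 20-byte r and s).
my $dsa = Crypt::OpenSSL::DSA->generate_parameters(1024);
$dsa->generate_key;
my $width  = length($dsa->get_q);
my $digest = sha1('constructed SignedInfo bytes');

# Signer side: left-pad r and s to the width of q and concatenate them.
my $signed = $dsa->do_sign($digest);
my $raw = join '', map { ("\0" x ($width - length $_)) . $_ }
                   $signed->get_r, $signed->get_s;
my $b64 = encode_base64($raw, '');

# Verifier side: public values only, as in the ticket's code.
my $pub = Crypt::OpenSSL::DSA->new();
$pub->set_p($dsa->get_p);
$pub->set_q($dsa->get_q);
$pub->set_g($dsa->get_g);
$pub->set_pub_key($dsa->get_pub_key);

# do_verify() needs the object, not the decoded string; accept only a result of 1.
my $sigobj = sig_from_raw(decode_base64($b64), $width);
print "valid signature accepted\n"
    if $pub->do_verify($digest, $sigobj) == 1;
print "altered digest rejected\n"
    if $pub->do_verify(sha1('altered bytes'), $sigobj) != 1;
```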

