Archived Forum Post
Question:
Hi,
I work with RSA encryption in SQL to create a signature key, and now I have found a problem: one among 133 document signatures is reported as not correct. Comparing it to an OpenSSL signature of the same string to encode gives a different result, and I cannot figure out why.
This is serious because the documents are sent to Portugal's tax system and cannot have errors of this kind.
When I try to validate the OpenSSL signature, it says it is OK.
This is the string to encode:
'2013-01-30;2013-01-30T12:20:58;NUMF 1/130117;3201.44;uq9KiaRYiWsUuFL/zCz4/m1JHZkp3drVyKR+VshhuorMRg/hIwa7oAxQROQtwAQxcsOt8fuS+kXvrmeHzSVnnnpnXA3xTrhugvpkuz85ZrtHljAwqxDLlscMHmxTzBFuJxTyKVQ5gzz7WJGqRYz3U96ATKER/mX5E2ZPRPLVfyg='
This is the SQL used:
--CREATE PROC SP_Vendas_GeraChaveDocumento
declare @DadosAEncriptar nvarchar(4000), @Hash nvarchar(200) , @Versao int
select @DadosAEncriptar='2013-01-30;2013-01-30T12:20:58;NUMF 1/130117;3201.44;uq9KiaRYiWsUuFL/zCz4/m1JHZkp3drVyKR+VshhuorMRg/hIwa7oAxQROQtwAQxcsOt8fuS+kXvrmeHzSVnnnpnXA3xTrhugvpkuz85ZrtHljAwqxDLlscMHmxTzBFuJxTyKVQ5gzz7WJGqRYz3U96ATKER/mX5E2ZPRPLVfyg='
DECLARE @hr int, @sTmp0 nvarchar(4000), @success int, @pkeyXml nvarchar(4000), @rsa int
-- Initialize the private key version
SELECT @Versao = 1
-- Initialize the private key in XML format
SELECT @pkeyXml = N'<rsakeyvalue><modulus>6SnPpnuwThJwwxhsD8j2wqYm8Y5gSw62y0peXOkYiMZQj/1vhc0a93fEg9hoi3amDYL6B/uavJeByan8WsifdPbsIJ1lCKRtyUI3iI8LuRfAZhuwxxmW2b4F79s4VQCwPFpKrQ0sj9GpRW56dLcGZLdgjXjNPhQWJxaDduZWkfs=</modulus><exponent>AQAB</exponent><p>+nZKx75rnijBdVclAGAEHA7wvwQRQAaxSC6V0GEAbQUJKpkGpq9514mRdZ4kM2+Zq3YaBNtMnnUK90hoPAtA5Q==</p><q>7lGaCCOLWa2JCzBUc4Z4Vds/W7gGsPSYf/I76jz+O0E+op3x5jsTklTp1uawg8dWxacY1nPOcbJ1mL5v+vS5Xw==</q>
<dp>Pt3mU1DGroJIXO2syfVP0sMlRqz8r3d+lEGtNQrEEplK/bg/ZSNyj9ll+4HgUFDY36LbURDCoJt8TymLkFa6yQ==</dp><dq>K/t1YPEmY5uKQj1eKJ/1j2rSK5wv5/KMPni3JAizpr3o0Fwz65iViRkQuu+CPh/I3Nt00wc2X3dfCpyC0B7gIw==</dq><inverseq>uaPWPpV1nnKwHfzMJAcBXuHOFrqsfvKa3hzxDoEhJh9ICRi8YIdEC2PjbV6BqJaZJ0LL1EXWELjslBUAS9HWFg==</inverseq><d>GvmJWnto1D9x6EBFEDZxxecvDjcokMZtA2vhKuKUwg4fd+kcI+CsxACJLa+1uJzLbTi/8Hh9WGA21bvixCX9vHPgYULPbRYImNOTqMu9LR0KgUjvBeyuwqLyFOA0utSTvYUsyG8mM90KKwRuxEn2GD+gvzUFSMvFqmJYvIsQe5E=</d></rsakeyvalue>'
-- Create the object for hashing and RSA encryption
EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUTPUT
IF @hr <> 0
BEGIN
RAISERROR('Failed to create ActiveX component.', 10, 1)
RETURN
END
-- Any string argument automatically begins the 30-day trial.
EXEC sp_OAMethod @rsa, 'UnlockComponent', @success OUTPUT, ''
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUTPUT
RAISERROR(@sTmp0, 10, 1)
RETURN
END
-- Import the private key into the RSA object created above
EXEC sp_OAMethod @rsa, 'ImportPrivateKey', @success OUTPUT, @pkeyXml
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUTPUT
RAISERROR(@sTmp0, 10, 1)
RETURN
END
-- Set the RSA object's LittleEndian property to big-endian
EXEC sp_OASetProperty @rsa, 'LittleEndian', 0
-- EXEC sp_OASetProperty @rsa, 'Charset', 'ansi'
-- Set the RSA object's EncodingMode property to base64
EXEC sp_OASetProperty @rsa, 'EncodingMode', 'base64'
-- Compute the hash with the SHA-1 algorithm, then encrypt the hash
--EXEC sp_OAMethod @rsa, 'OpenSslSignStringENC', @HASH OUTPUT, @DadosAEncriptar--, 'SHA-1'
EXEC sp_OAMethod @rsa, 'SignStringENC', @Hash OUTPUT, @DadosAEncriptar, 'SHA-1'
select @hash
--
--this returns the key
D7X/hHY8Eo6rQkgqCYXaaTUzV6U34WyRJnns+NcSb/zvOMYJ2Sjs/hX8JBepZXcyunfRnkwFvtCVAQmojyus0VOdbHW8Iosc6H86MjGTCX3wlMFvqcsZ3YnaQLUvEbzKejazce6bKFW+4WdUL0lBiq/kscNiJ73jmP5SLtsd0w==
and OpenSSL returns:
AA+1/4R2PBKOq0JIKgmF2mk1M1elN+FskSZ57PjXEm/87zjGCdko7P4V/CQXqWV3Mrp30Z5MBb7QlQEJ qI8rrNFTnWx1vCKLHOh/OjIxkwl98JTBb6nLGd2J2kC1LxG8yno2s3HumyhVvuFnVC9JQYqv5LHDYie9 45j+Ui7bHdM=
Can anyone help with this strange case? Thanks
Please format this post in a more readable way using "<pre>" tags.
Formatted as advised, thanks
Make sure you are using the very latest version of the Chilkat RSA ActiveX (v9.4.0). Examine the LastErrorText property after any method call to verify that this is the case. Check to make sure the "DllDate" line within the LastErrorText is a date from Dec. 2012 and not earlier.
How do you verify the hash code generated with the public key? Which method should I use?
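Added example, not part of the original thread and not Chilkat or OpenSSL code: decoding the two base64 signatures quoted in the question shows that they encode the same integer, and that the OpenSSL value is one byte longer only because it keeps a leading zero byte. A PKCS #1 signature is always as long as the modulus, so a verifier that checks the length rejects the shorter form. `MODULUS_LEN = 128` assumes the 1024-bit key from the question, and the function names are illustrative.

```python
import base64

# Signature values copied from the question above.
CHILKAT_B64 = (
    "D7X/hHY8Eo6rQkgqCYXaaTUzV6U34WyRJnns+NcSb/zvOMYJ2Sjs/hX8JBepZXcy"
    "unfRnkwFvtCVAQmojyus0VOdbHW8Iosc6H86MjGTCX3wlMFvqcsZ3YnaQLUvEbzK"
    "ejazce6bKFW+4WdUL0lBiq/kscNiJ73jmP5SLtsd0w=="
)
# The spaces in the posted OpenSSL output are line wrapping, removed on decode.
OPENSSL_B64 = (
    "AA+1/4R2PBKOq0JIKgmF2mk1M1elN+FskSZ57PjXEm/87zjGCdko7P4V/CQXqWV3Mrp30Z5MBb7QlQEJ "
    "qI8rrNFTnWx1vCKLHOh/OjIxkwl98JTBb6nLGd2J2kC1LxG8yno2s3HumyhVvuFnVC9JQYqv5LHDYie9 "
    "45j+Ui7bHdM="
)
MODULUS_LEN = 128  # assumption: 1024-bit RSA key, as in the question


def decode_sig(b64_text):
    """Decode a base64 signature, ignoring whitespace from line wrapping."""
    return base64.b64decode("".join(b64_text.split()), validate=True)


def normalize(sig, k=MODULUS_LEN):
    """Left-pad a signature to k bytes, the fixed length PKCS #1 requires."""
    if len(sig) > k:
        raise ValueError(f"signature is {len(sig)} bytes, modulus is only {k}")
    return sig.rjust(k, b"\x00")


def compare(short_b64, full_b64, k=MODULUS_LEN):
    """Report both lengths and whether the values are the same signature integer."""
    a, b = decode_sig(short_b64), decode_sig(full_b64)
    return {
        "len_a": len(a),
        "len_b": len(b),
        "same_integer": int.from_bytes(a, "big") == int.from_bytes(b, "big"),
        "a_padded_b64": base64.b64encode(normalize(a, k)).decode("ascii"),
    }


if __name__ == "__main__":
    result = compare(CHILKAT_B64, OPENSSL_B64)
    print(result["len_a"], result["len_b"], result["same_integer"])
    print(result["a_padded_b64"])
```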