RSA Sign in PHP. Verify in Xojo

Carlo_De_Simone · December 23, 2016, 11:32am

I got a big issue. This cousing me to try some workarounds and all I tried drive me in anycase in a dead road…
I got a php code to generate am RSA Key Pair (PEM pcks#1 format) and I SIgn a passphrase with private Key… and the code is working…

$data = 'my data to sign';
include("Crypt/RSA.php");
$rsa = new Crypt_RSA();
     
	 $rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
     $rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
	 extract($rsa->createKey());
 
     $plaintext = $data;
 
     $rsa->loadKey($privatekey);
     $signature = $rsa->sign($plaintext);
 
     $rsa->loadKey($publickey);
     echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
	 echo "<br/>pubkey: ". $publickey."<br/>";
	 echo "signature:" . base64_encode($signature);

For testing porpouse I copied the publick key and the signature into my Xojo App where I need to verify the same passphrase with the publick key.
I followed some hints I get from the forum (like function to convert the PEM KEY format into a readeable xojo format), but unfortunately I can’t be able to have a succesfull signature verification.
Does anyone has aleady solved this situation ?
I tried to apply some workarounds using xojo code server side to have compatible keys and signature to use client side, but with Linux and Xojo I got so many issue the workarounds become the worst way…
Thanks
C

Verify into XOjo client:

[code] Dim PublicKey as String
DIM message as String = “my data to sign”
//get the signature
Dim Signature As String = DecodeBase64(TextArea_Signature.Text.Trim)

	Dim mPK as MemoryBlock
	//get the publick key and decode from PEM format
	
	if DecodePEMPublicKey(TextArea_PK.text.trim,mPK) then
			
			PublicKey  = mpk.ToString
			
	end if
	
	If Crypto.RSAVerifySignature(message,Signature,PublicKey) Then
			 MsgBox("Signature test passed")
	Else
			 MsgBox("Signature test failed")
	End If[/code]

I got always ‘Signature test failed’ message

Christian_Schmitz · December 23, 2016, 1:33pm

did you try MBS Functions instead?
http://www.monkeybreadsoftware.net/module-opensslmbs.shtml

Carlo_De_Simone · December 23, 2016, 6:34pm

I tried with no success. I used top aste publick key and signature from here:
[url=https://api.eudosia-projects.com/testrsa2.php[/url]

this is the php code:

[code]$data = ‘my data to sign’;
include(“Crypt/RSA.php”);
$rsa = new Crypt_RSA();

 $rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
 $rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
 extract($rsa->createKey(1024));

 $plaintext = $data;

 $rsa->loadKey($privatekey);
 $signature = $rsa->sign($plaintext);

 $rsa->loadKey($publickey);
 echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
 echo "<br/>pubkey: ". $publickey."<br/>";
 echo "signature:" . base64_encode($signature);[/code]

this is the xojo code:

DIM Message as String = "my data to sign" DIm PublicKey as String = TextArea_PK.Text.trim Dim Signature As String = DecodeBase64(TextArea_Signature.Text.Trim) // verify with public key dim r4 as Boolean = OpenSSLMBS.VerifyData(Message, Signature, PublicKey) if r4 then MsgBox "Success" else MsgBox "Failure" end if

I get runtime Error…can’t read publick key.

Christian_Schmitz · December 23, 2016, 7:45pm

your file is in PKCS1 format?
Maybe convert it to PEM first?

Carlo_De_Simone · December 23, 2016, 8:49pm

PEM-encoded RSA keys are basically the binary keys in the format described by PKCS#1 (RFC 3447), base-64 encoded and surrounded by an ASCII header and footer.
Maybe already I got IT ? I’m I wrong ?
I need a way to use for signing an RSA key PKCS1 DER encoded… there is this possibility with Xojo or your plugin ?
THanks