
I would like to sign a file using a dsa key and openssl. The DGST(1) man page says the following:

file...

file or files to digest. If no files are specified then standard input is used.

For me this means that the following two terminal commands should give the same results, which they do not. I piped the output through od because the result is binary.

  1. specify the file on command line

    openssl dgst -dss1 -sign private_key.pem test_archive.zip | od -x
    0000000      2c30    1402    e30d    9073    0059    0de7    f03e    8fd2
    0000020      874b    5252    b025    8f44    1402    ed26    2f55    7fa4
    0000040      f474    0426    1d44    787c    ecd6    5059    921b        
    0000056
    
  2. piping the file into the openssl command

    openssl dgst -dss1 -sign private_key.pem < test_archive.zip | od -x
    0000000      2c30    1402    2444    c3a5    f498    7bb8    3dfe    715d
    0000020      e179    c5ad    c0a5    2b16    1402    173b    692b    9d71
    0000040      3970    c497    9994    9cbc    4cfd    d642    62df        
    0000056
    

As you can see both outputs are not the same, although the file which should be signed is the same in both cases.

Why is this the case? Am I missing something obvious here?

Edit

I am using OpenSSL version 0.9.8y 5 Feb 2013 on FreeBSD and version 0.9.8r 8 Feb 2011 on Mac OS X 10.7.5 and observing the effect on both.

Edit 2 - How to generate a key for testing

small shell script for generating appropriate keys

#!/bin/bash

openssl=/usr/bin/openssl
${openssl} dsaparam 1024 < /dev/urandom > dsaparam.pem
${openssl} gendsa dsaparam.pem -out private_key.pem
${openssl} dsa -in private_key.pem -pubout -out public_key.pem
rm dsaparam.pem

I also ran a test on a CentOS 6 Linux system using OpenSSL version 1.0.0-fips which shows the same strange behavior.

Edit 3 - More Versions Tested

Also the freshly compiled OpenSSL version 1.0.1e 11 Feb 2013 shows this behavior.

Comments

  • Magic! are you sure neither the private key file nor the data file has changed? Commented May 20, 2013 at 17:06
  • Both files are on my harddisk and the two variants of the command are executed directly one after the other. Commented May 20, 2013 at 19:29

2 Answers

I'm not able to reproduce this (OpenSSL 1.0.1 14 Mar 2012). (I was using an RSA key.) I think there are three possibilities:

  1. OpenSSL bug [or different default option] You may have a different version that has a bug. For example: http://rt.openssl.org/Ticket/Display.html?id=2965
    (I don't necessarily think it's this particular bug, but it is similar.)

  2. The key changed.

  3. The zipfile changed


Try adding -binary to your commands. Looking at #1, it could be that my version is doing --binary by default, which excludes the digest type.

openssl dgst -sha1  </dev/null
(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709

openssl dgst -sha1  /dev/null
SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709

With the dsa key, I am able to reproduce this in multiple versions of openssl (1.0.1 and 0.9.8y)

Using the -hex option, I was also able to confirm that the prefix is changing.

(1.0.1)

openssl dgst -hex -dss1 -sign private_key.pem config
DSA-DSA(config)= 302e021500ca417b14be6e1c08426d4f4cdb3beb51181e6055021500e6a768689cfe9c6f7538e9ec2f952c9465fea80b

openssl dgst -hex -dss1 -sign private_key.pem <config
(stdin)= 302c02142a59682765ae10e37fe114ca63a21cdf4127ff5302141c8b3ac5caf538a23dc43b20cc9c01b1278c0d8e

(0.9.8y)

apps/openssl dgst -hex -dss1 -sign private_key.pem config
DSA(config)= 302e0215008aef560f547425fb4360e24be343fa6db2dc4551021500eb594cea70455400838dc0a14dae7b86614c5218

apps/openssl dgst -hex -dss1 -sign private_key.pem <config
302c02146aa92d6cf2cc9a6fb1d340fed21c29d05f936fc002141fd9e781def4897cfc306b7a68a92b90e6861cb9

Note: all 4 commands have different binary output. Given that the hex hash is the same but the prefix is different, it seems reasonable to infer that the differences in the prefixes are causing the changes in the outputs.


7 Comments

I added to both commands -binary and it did not help. Also I am not observing this strange behavior when using the sha1 function.
What version of openssl? (openssl version)
Added openssl version to main question.
I still think it might be an openssl bug. I tried compiling 0.9.8y but didn't know how to generate an appropriate key, so I cannot confirm that. I bet if you download the source, compile, and try out the version in apps/openssl it will work as expected.
I added the script with which the public and private key pair is generated to my question. It would be interesting if you can reproduce this behavior.

The behavior of OpenSSL is not a bug. The created signature is different if the file is piped in via stdin or specified on the command line, but both outputs are a valid signature if tested with

openssl dgst -dss1 -verify public_key.pem -signature file_with_archive_signature.sig test_archive.zip

Therefore I think that without looking at the algorithm there is more than one valid signature for each file, but a signature is only valid for one file (neglecting collisions).
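The two answers above each observe half of what is going on: the first sees the DER prefix (30 2e 02 15 00 ... versus 30 2c 02 14 ...) change between runs, the second sees that both signatures verify. The script below is an added example, not code from either answerer or from OpenSSL, and ties the two together. It decodes the two hex signatures quoted from the 1.0.1 run in the first answer, showing that the length bytes differ only because DER pads an INTEGER whose first byte has its top bit set with 0x00, and it implements textbook DSA over constructed toy parameters (p = 23, q = 11, g = 4, private key x = 7; not secure, chosen only so the arithmetic is visible) to show that every fresh per-signature nonce k yields a different (r, s) that the same public key accepts. The message bytes are a constructed stand-in for test_archive.zip.

```python
"""DSA signatures are randomized and DER-encoded, which together explain the
different outputs in the question: new nonce k -> new (r, s); a new (r, s)
-> possibly different 0x00 padding -> different length bytes in the prefix."""
import hashlib
import secrets

# Hex output copied from the first answer's OpenSSL 1.0.1 run (file vs stdin).
SIG_FILE_HEX = ("302e021500ca417b14be6e1c08426d4f4cdb3beb51181e6055"
                "021500e6a768689cfe9c6f7538e9ec2f952c9465fea80b")
SIG_STDIN_HEX = ("302c02142a59682765ae10e37fe114ca63a21cdf4127ff53"
                 "02141c8b3ac5caf538a23dc43b20cc9c01b1278c0d8e")


def der_parse_dsa_signature(sig: bytes):
    """Decode SEQUENCE { INTEGER r, INTEGER s }; return (r, s, [len_r, len_s])."""
    if sig[0] != 0x30 or sig[1] >= 0x80 or len(sig) != 2 + sig[1]:
        raise ValueError("expected a short-form DER SEQUENCE")
    pos, values, lengths = 2, [], []
    for _ in range(2):
        if sig[pos] != 0x02:
            raise ValueError("expected a DER INTEGER")
        n = sig[pos + 1]
        values.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        lengths.append(n)
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after the two INTEGERs")
    return values[0], values[1], lengths


def der_int(n: int) -> bytes:
    """DER INTEGER: minimal big-endian bytes, 0x00-padded if the top bit is set
    (this pad is the extra byte behind '02 15 00' versus '02 14')."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body


def der_dsa_signature(r: int, s: int) -> bytes:
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body


# Constructed toy DSA parameters (NOT secure): q divides p-1, g has order q.
P, Q, G = 23, 11, 4
X = 7               # constructed private key
Y = pow(G, X, P)    # matching public key (8)


def toy_hash(msg: bytes) -> int:
    """SHA-1 reduced mod q; real DSA truncates the digest to q's bit length."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q


def dsa_sign(msg: bytes, x: int = X, k=None):
    """Return (r, s). k is the per-signature nonce: fresh and secret every time,
    which is exactly why two signatures over the same file differ."""
    while True:
        kk = k if k is not None else secrets.randbelow(Q - 1) + 1
        r = pow(G, kk, P) % Q
        s = pow(kk, -1, Q) * (toy_hash(msg) + x * r) % Q
        if r and s:
            return r, s
        if k is not None:          # caller pinned k and it is unusable
            raise ValueError("r or s is zero; choose another k")


def dsa_verify(msg: bytes, r: int, s: int, y: int = Y) -> bool:
    """Standard DSA check: recompute r from (h, r, s) and the public key."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = toy_hash(msg) * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def signatures_for_all_k(msg: bytes):
    """Every signature the toy scheme can emit for msg, one per usable k."""
    sigs = []
    for k in range(1, Q):
        try:
            sigs.append(dsa_sign(msg, X, k))
        except ValueError:
            pass
    return sigs


if __name__ == "__main__":
    for name, hexsig in (("file", SIG_FILE_HEX), ("stdin", SIG_STDIN_HEX)):
        r, s, lens = der_parse_dsa_signature(bytes.fromhex(hexsig))
        print(f"{name}: INTEGER lengths {lens}, r top bit set: {r >> 159 == 1}")
    msg = b"constructed stand-in for test_archive.zip"
    sigs = signatures_for_all_k(msg)
    print(len(sigs), "distinct signatures, all verify:",
          all(dsa_verify(msg, r, s) for r, s in sigs))
```

Re-encoding the parsed (r, s) reproduces the answer's bytes exactly, which is what makes the length difference a property of the values rather than of how the input was read. The practical consequence for anyone scripting this: never compare two DSA (or ECDSA) signatures byte for byte to decide whether a file changed; run `openssl dgst -verify` as the second answer does, or compare the digest itself.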

Comments
