[pycrypto] RSA signature pycrypto openssl interoperability

Andrew Cho bytestorm at gmail.com
Sun Aug 21 09:35:27 CST 2011

Hi, I'm trying to generate signatures in a way openssl can verify using
pycrypto, but when I decode it with openssl, it doesn't produce usable
results. This has been my workflow so far:


openssl genrsa -out privkey.pem 2048
openssl rsa -pubout -in privkey.pem -out pubkey.pem

echo "message text" > data

python <<!
#!/usr/bin/env python

from Crypto.PublicKey import RSA
import Crypto.Random
from Crypto.Util import number
import sys,ctypes

def make_OPENSSL_PKCS1_padding(k,msglen):
    if msglen > k - 11:
        return None
    PS = '\xff'* (k-msglen-3)
    E = ''.join((chr(0x00), chr(0x01), PS, chr(0x00)))

    return E

prk = RSA.importKey(file('privkey.pem').read())

data = file('data').read()
E = make_OPENSSL_PKCS1_padding((prk.size()+1)/8,len(data))
EM = ''.join((E,data))

sigout = prk.sign(EM,'')

f = open('signature','wb')

openssl rsautl -verify -raw -pubin -inkey pubkey.pem -in signature -out

cat de_signature


I expect to see a whole bunch of 0xFFs followed by "message text" when I cat
de_signature, but that's not what I get at all. Any idea what I might be
doing wrong here?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.dlitz.net/pipermail/pycrypto/attachments/20110821/dc133a09/attachment.htm 

More information about the pycrypto mailing list