[pycrypto] Got different PKCS1_v1_5 signature result on the same message & same rsa key pair
helderijs at gmail.com
Wed Mar 12 03:47:15 PDT 2014
PKCS#1v1.5 happens to be a deterministic signature scheme, so in theory the
assertion should not fail.
I believe that the RSA key that Wang Gang is using is not correct.
For instance, some of the CRT coefficients may not be matching the private
When that happens, the blinding countermeasures will not cancel out and the
result of RSA operations will be random (in addition to being incorrect).
2014-03-12 6:55 GMT+01:00 Philip Horger <campadrenalin at gmail.com>:
> I'm not the king of crypto, but if I recall correctly, some signature
> standards (and I think PKCS1 is one of them) include a random salt in the
> signature. This happens automatically, behind the scenes, on your behalf.
> So two signatures can be of the same content, with the same key, and not be
> equal - in fact, it's dramatically more likely than not! So you can't rely
> on bit-for-bit equality of signatures.
> On Tue, Mar 11, 2014 at 8:22 PM, wanggang <
> wanggang at goldenapptechnology.com> wrote:
>> Hi pycrypto,
>> This may be a simple problem since I am a newbiee to crypto.
>> I am not sure why I got different result from
>> PKCS1_v1_5.new(RSA.construct(lst)).sign(SHA.new(a2b(m))) ,
>> I have mentioned the 'stateful' comment in API doc, but still can't fix
>> the code below.
>> besides I have used DES for a lot, & never got stuck in such situation.
>> if __name__ == "__main__":
>> t = (modulus, publicExponent, privateExponent, prime1, prime2,
>> lst = [long(x,16) for x in t]
>> k = '1234'
>> e1 = RSA.construct(lst).encrypt(m, k)
>> e2 = RSA.construct(lst).encrypt(m, k)
>> assert e1 == e2 # passed
>> signature1 = PKCS1_v1_5.new(RSA.construct(lst)).sign(SHA.new(a2b(m)))
>> print binascii.b2a_hex(signature1)
>> signature2 = PKCS1_v1_5.new(RSA.construct(lst)).sign(SHA.new(a2b(m)))
>> print binascii.b2a_hex(signature2)
>> assert signature1==signature2 # why this assertion failed ?
>> Thank you in advance!
>> Wang Gang
>> pycrypto mailing list
>> pycrypto at lists.dlitz.net
> pycrypto mailing list
> pycrypto at lists.dlitz.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pycrypto