Nils D. | 26 Nov 2011 18:46

Re: Magic Signatures implementation in Perl

Thank you for your answers!

Yes, there is an OpenSSL wrapper on CPAN as well as Crypt::RSA, which
is based on PARI.
I tried these as well (although I always wanted as few dependencies as
possible),
but I didn't get it to work with some of the examples I found on the
web.

Today I tried to follow all steps using the implementation of the
MiniMe Microblogging tool [1] and most of all examples now work in my
implementation - in case I sign and verify against the magic envelope
data section instead of the signature base string.
The same seems to be true for one example from the salmon magicsig
reference implementation [2].
So, when I am using the payload instead of the signature base string
for M in [3] and [4] I can verify most of the examples I found.

Any idea what I am doing wrong or am I just misunderstanding the spec?

Thank you very much,
Nils

P.S. The github repository is not up to date regarding the signature -
as I think my implementation is still wrong.

[1] https://code.google.com/p/minime-microblogger/
[2] https://code.google.com/p/salmon-protocol/source/browse/trunk/lib/python/magicsig_hjfreyer/magicsig_test.py
[3] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1
[4] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1

On 10 Nov., 16:49, Ben Laurie <b...@...> wrote:
> On 7 November 2011 15:18, John Panzer <jpan...@...> wrote:
>
> > Sorry to take so long to respond.  Yes, we definitely need correct examples
> > and also canonical data ... and a validator ... there has been some interest
> > in getting this set up (and there was a Java app running on AppEngine at one
> > point that did some of this) but I think other things have intervened.
> > I haven't done Perl in years.  Anyone?
> > I note that you're rolling your own RSA crypto code from BigInts; there's no
> > existing substrate library you can build on or check against?  I'd think
> > there'd be SOMETHING on CPAN...
>
> There's a wrapper for OpenSSL on CPAN.
>
> > --
> > John Panzer / Google
> > jpan...@... / abstractioneer.org / @jpanzer
>
> > On Tue, Oct 25, 2011 at 7:05 AM, Nils D. <nils.diew...@...> wrote:
>
> >> Hi everyone,
>
> >> I am afraid, I need some help with my MagicSignatures implementation
> >> in Perl.
> >> I started following the textbooks pretty straight and then adjusted it
> >> to come closer to real world examples I found in some test suites of
> >> other implementations.
>
> >> However, verification does not work - either because the final
> >> encoding messages do not match or
> >> the length of the signature is not equivalent to the length of the RSA
> >> modulus.
>
> >> It would be great to have an example with traces of all function input-
> >> outputs for the signing
> >> and verification flows following https://www.ietf.org/rfc/rfc3447.txt
> >> so an implementor could see
> >> where he or she is wrong (with base64enc for binary data of course)!
> >> Is there something available like that?
>
> >> Or is there a canonical test suite an implementation has to pass?
> >> I read that there are lots of broken (against the spec)
> >> implementations out there which makes
> >> testing especially hard as you don't know, if the signature should
> >> really be verified.
>
> >> Oh - and ... well - it would be GREAT if someone could look into the
> >> code and help me ...
> >> (the documentation should be okay, I believe).
>
> >> The signing/verification and the envelope construction can be found
> >> here:
>
> >> https://github.com/Akron/Sojolicious/blob/master/lib/Mojolicious/Plug...
>
> >> https://github.com/Akron/Sojolicious/blob/master/lib/Mojolicious/Plug...
>
> >> The (failing) test suites can be found here:
> >> https://github.com/Akron/Sojolicious/blob/master/t/MagicKey.t
> >> https://github.com/Akron/Sojolicious/blob/master/t/MagicEnvelope.t
>
> >> Thank you all!
> >> Nils

