0

I have received a string which is supposed to be a cryptographic signature. I have access to a certificate which should let me verify the signature. However, I am rather confused about the structure of the signature.

I was expecting a byte string, likely base64-encoded. Instead, I received three lines, each 255 characters long, comprised of hex characters, and padded with trailing or leading zeroes.

Unfortunately, I have very little and somewhat uncertain information:

  • Payload: "Hello Crypto World"
  • Hashing Algorithm: SHA256
  • Crypto Algorithm: RSA (not certain)
  • PKCS7 is likely involved

The following is roughly the structure of the signature. Note that the string contains mostly random hex characters. I preserved only the length of the (non) padded sections. And I discovered that the first line contains the payload, so I preserved that part also. Since I am uncertain about this string, I don't want to risk potentially publishing a private key, that's why the rest is just random hex characters.

1342120FF49C008D19FCA5208C216A8C69E11DE084442AA66B786A0F010766BE82238BEE9BAB9B9DA085E89A41BE8B660A109582F2782987780C6CEB5F85AE1D0A48656C6C6F2043727970746F20576F726C6400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005518C31F61B521823A97E4995D0F4E85B432A73FC0FD098B489D2C9AC533E19BA253AF93D275D906A043975FA03B86A15D993B944DCBF135156A378163E38
042669BAF26B40FA9EDD9460D089DB1725778EB9304CA3034291C21CFB5B750000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

In python this is how I discovered the payload in the first line.

>>> bytes.fromhex(line_one + "0")
>>> b'...Hello Crypto World\x00\x00...'

Note that it was necessary to append the line with another character ("0") as the line is only 255 characters long which wouldn't translate to full bytes.

I have played around with a python crypto library (pycryptodome) trying to make sense of this, to no avail. I have googled, particularly regarding PKCS7, but couldn't quite make sense of this either.

Using the same crypto library I was able to unpad each line, which simply stripped away some of the trailing zeroes leaving me with only 207 instead of 255 characters.

My Questions
What kind of format is this?
How can I turn this into or extract only the signature part (byte string, base64 string)?

Any help to steer me in the right direction is greatly appreciated.

Glorfindel
  • 230
  • 1
  • 2
  • 10
pmlk
  • 101
  • openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 > key.pem, echo "Hello Crypto World" >m, openssl sha256 -binary <m >mh, openssl pkeyutl -sign -pkeyopt digest:sha256 -in mh -inkey key.pem -out sig, openssl pkeyutl -verify -pkeyopt digest:sha256 -in mh -sigfile sig -inkey key.pem. The sig should be 384 bytes or 768 hex chars. But the number of 0 in your is suspicious. –  Jun 13 '19 at 13:10
  • Can you shed some light on the background for this - is this some crypto crackme/riddle/school work? With your data being fuzzed it's impossible to experiment in order to help you out and I have my doubts that this is some kind of known standard format. PKCS#7 could be a clue as to the structure of your data, or it may just point to PKCS#7 padding once the data is decrypted. Why is everything so uncertain? – Johann Aydinbas Jun 19 '19 at 07:16
  • This is actually for a production system. The software we're using offers capabilities to sign payloads and verify signatures. However, documentation is very scarce or non-existent. It seems the signing/verification is only supported for within that system or between two of the same type of systems. We're trying to communicate with the outside world (HTTPS) and verify the sender's/system's identity. We can get a signature of a known payload (as seen above), but can't make much sense of it. We have since moved on to a workaround, using a separate program to take care of the signing. – pmlk Jun 19 '19 at 08:29
  • I'd probably just reverse engineer the code in the software to find out what's up with the 3 lines, unless that proves difficult (virtualized code or similar) given all the uncertainties. Is the software publicly accessible (legally)? – Johann Aydinbas Jun 20 '19 at 15:29

0 Answers0