Crypt::DSA question

[Chawmp]

Hi everyone,

This has been frustrating me for hours. I hope that someone has had some
experience with this, and can give me some advice. I can't find any
examples of this anywhere, and the module's documentation doesn't really
shed any light on the problem.

I've been trying to use Crypt:SA to sign a message, then to verify it
after it's been sent over the network.

I'm signing a message with
my $key = Crypt:SA::Key->new(
Type => 'PEM',
Filename => 'filename'); # load the key from disk

my $pub_key = $key->pub_key; # this is distributed to the clients

my $sig = Crypt:SA->new()->sign(
Message => $message, # $message is the message to sign/send
Key => $key); # sign it

Then sending $sig->r and $sig->s along with the message. This all appears
to work.

On the other side, I'm trying to verify it, using $pub_key from the
source...
my $key = Crypt:SA::Key->new();
$key->pub_key($pub_key); # setup the key object to contain the source's
public key

my $sig = Crypt:SA::Signature->new();
$sig->r($r); # fill out the signature's r and s values
$sig->s($s); # ($r and $s and $message are what were sent)

my $verified = Crypt:SA->new()->verify(
Message => $message,
Key => $key,
Signature => $sig); # try to verify the message

At this point, Math:ari croaks. Tracing shows that verify() is making the
following call:
my $u2 = mod_inverse($sig->s, $key->q);
Where $key->q is ''.

I realize that q is part of the public key - so shouldn't the pub_key()
method set it to something meaningful? If not (and it doesn't appear it
does, by looking at the source), do I need to work with each part of the
public key individually? If that's the case, what's the point of the
pub_key() and priv_key() methods?

I expect that I am just doing something wrong, or I haven't grasped the
whole concept, so I would be very grateful if anyone can explain what I'm
doing wrong, or what I need to do - or point me towards any examples of
Crypt:SA being used for signing/verifying.

I see that there's a Crypt::OpenSSL:SA module that I could probably use
instead, but I'd like to get this way working if at all possible.

Cheers

--
Chawmp

 

[duncdude]

I am not quite sure if this will help but here goes...

save this file as 'crypt1.pl'

$text = "Rodney";

$encrypted = crypt $text, "AB"; # set AB as the 'SALT' value

print "$encrypted\n";

save this file as 'crypt2.pl'

$encrypted = "ABLqLeOYoknzk"; # notice the 'SALT' value is the first 2 characters

$salt = substr($encrypted, 0, 2); # and we get the 'SALT' value here

print "Guess the word: ";

while (<>) {

chomp;

if ($encrypted eq (crypt $_, $salt)) {
print &quot;You got it!\n&quot;;
exit;
} else {
print &quot;Wrong.\n&quot;;
print &quot;Guess the word: &quot;;
}

}

regards
Duncan

 

[MikeLacey]

Hi Chawmp,

I know that these libraries are fairly well used and well thought of so, if this happened to me my first thought would be to look at the way I was using the library.

Firstly - is $key defined correctly for the call to the verify method?


Mike

Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884

It's like this; even samurai have teddy bears, and even teddy bears get drunk.

 

[duncdude]

the above example was just intended to serve as an example of how crypt works. the first script turns 'Rodney' into an encrypted string 'ABLqLeOYoknzk' - using the 'SALT' value 'AB'. the second example asks for the user to guess the original word - and exits if the user guesses correctly. the second script does not need to contain the word 'Rodney' but only the encrypted string. it is (virtually) impossible to work out what the original word was from the encrypted string making it a good security measure.

Duncan

 

[Chawmp]

Thanks for the replies, guys

duncdude, thanks for the example, but this isn't really what I'm trying to do. I'm trying to digitally sign a message so that it can be verified that the message was actually sent by the supposed sender, and not modified/corrupted.

Mike, I agree, I must be doing something wrong somewhere, but I can't see what. verify() is obviously trying to use parts of $key that I haven't initialized - but from the module's documentation, I can't see how I should be doing it.

Hmm

 

[duncdude]

I'm not sure if i'm missing the point but...

The 1st section is used to take a 'password' eg. Rodney and crypt it. This then results in a encrypted string eg. ABLqLeOYoknzk. This encrypted value alone can be used to make sure that the sender is verified without exposing the original 'password'.

Regards
Duncan

 

[mshoyher]

I played a little with Crypt:SA today for my own project and found that I cannot make it work. Overall it is very .. well .. cryptic.

So I switched to Crypt::OpenSSL:SA. This is your example

use Crypt::OpenSSL:SA;
my $dsa = Crypt::OpenSSL:SA->generate_parameters( 512 );
$dsa->generate_key;
my $sig = $dsa->sign($message);
$dsa->write_pub_key( '/tmp/key.dsa' );
my $dsa_pub =
Crypt::OpenSSL:SA->read_pub_key( '/tmp/key.dsa' );
my $valid = $dsa_pub->verify($message, $sig);

It works and it is much faster than Crypt:SA