Skip to content
GitLab

RSA signature verification is failing in cryptography module signed by M2Crypto module

Signing a Message

import M2Crypto
import hashlib
rsa = M2Crypto.RSA.load_key("privkey.pem")
msg = "This is a secret"
digest = hashlib.new('sha1', msg).digest()
signature = rsa.sign(digest, "sha1")

Verification using M2Crypto

rsa = M2Crypto.RSA.load_pub_key( "pubkey.pem" )
rsa.verify(signature, digest)

Verification using cryptography module

from cryptography.hazmat.backends import default_backend 
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import InvalidSignature
with open( "pubkey.pem", "rb" ) as key_file:
     pub = serialization.load_pem_public_key(                
          key_file.read(), backend=default_backend() )                    
     pub.verify(signature, digest,padding.PKCS1v15(),hashes.SHA1() )

Unfortunately, verification always fails when called in crytography module, with following error _OpenSSLError(code=67702888L, lib=4, func=145, reason=104)

After digging further down the line, it looks different module make different API calls, for example, M2Crypto calls RSA_verify whereas cryptograph module calls EVP_PKEY_verify function.

Cryptography Version: 1.5.3
M2Crypto Version: 0.21.1

NOTE: I've raised a similar issue to cryptography at https://github.com/pyca/cryptography/issues/4125

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information