Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

P256 signatures don't verify? #851

Closed
paulehoffman opened this issue Jan 28, 2025 · 4 comments
Closed

P256 signatures don't verify? #851

paulehoffman opened this issue Jan 28, 2025 · 4 comments

Comments

@paulehoffman
Copy link
Contributor

Greetings. I'm doing some simple signing and verifying with P256 keys and am failing even in trivial cases.

from Crypto.Hash import SHA256
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS
msg = SHA256.new(b"abc")
a_priv = ECC.import_key(open("private/k-p256-private.der", mode="rb").read())
a_pub =  ECC.import_key(open("private/k-p256-public.der", mode="rb").read())
a_signer = DSS.new(a_priv, "fips-186-3")
a_signature = a_signer.sign(msg)
a_verifier = DSS.new(a_pub, "fips-186-3")
a_verifier.verify(msg, a_signature)

In fact, an even more trivial case fails:

a_signer.verify(msg, a_signer.sign(msg))

Given the lack of exception text for .verify, I can't tell if there is something simple I'm missing, or if the verification just doesn't work. Any clues would be appreciated, and I'll feed anything I get back into the documentation.
@Legrandin
Copy link
Owner

Can you clarify what error you get? Are you sure that private and public keys really match?
I tried that code and it works (no exceptions, as signatures are valid).

@paulehoffman
Copy link
Contributor Author

paulehoffman commented Jan 29, 2025
edited
Loading

My apologies. I was testing this in the REPL and was misinterpreting the results. a_verifier.verify(msg, a_signature) returns False, even if it doesn't cause an exception. I was looking at the return, not the exception state.

So, I'll turn this issue into a doc request: say that verify() returns False regardless of whether the verification worked. Or, better, explain why "False" was chosen for the return.

@Legrandin
Copy link
Owner

Returning a boolean as the signature verification result was actually the old behavior and it led to security issues because it is not always clear what the right value should be (is True an indication of error or success? One needs to always check the documentation each time).
Having the result not documented is actually done on purpose.

@paulehoffman
Copy link
Contributor Author

The first part makes a bit of sense, but the verb "verify" is pretty clear what the result would mean.

The second part is antithetical to the purpose of documentation. Please consider adding "The result is undefined; verification failure is only represented by an exception."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Legrandin @paulehoffman