Signature Verification Failure, can not do RSA.verifyPSS if change device #60

cwangfr opened this issue Aug 24, 2023 · 3 comments
cwangfr commented Aug 24, 2023

Title:
Signature Verification Failure Issue

Description:
Background: I encountered an issue while using your library. I'm developing an application that involves data signing using fast_rsa.

Steps to Reproduce:

  1. Sign data Y using key X.private on Device A, generating signature Z.
  2. Copy the application from Device A to Device B.
  3. Attempt to verify signature Z as the signature of data Y using the same key X.public on Device B.

Expected Result: I expect the signature Z to be successfully verified on Device B, just like it is on Device A.

Actual Result: However, on Device B, the verification of signature Z fails.

Device and Environment Information:

  • Device A: Physical device Android 9
  • Device B: android-x89 emulator Android 9
  • Library Version: fast_rsa: ^3.6.1

Attempted Solutions:
I have tried regenerating the key pair and reinstalling the library, but the issue persists.

Code:
    // Sign `value` with RSA-PSS (SHA-512) and make the base64 output URL-safe.
    Future<String> sign(String value) async {
      var signature = await RSA.signPSS(
          value, Hash.SHA512, SaltLength.AUTO, pkcs12KeyPair.privateKey);
      // As posted: "/" is replaced with an empty string here.
      var result = signature.replaceAll("+", "-").replaceAll("/", "");
      return result;
    }

    // Reverse the URL-safe mapping, then verify; returns false on RSAException.
    Future<bool> verifySign(String value, String sign) async {
      sign = sign.replaceAll("-", "+").replaceAll("_", "/");
      try {
        await RSA.verifyPSS(
            sign, value, Hash.SHA512, SaltLength.AUTO, _pkcs12KeyPair.publicKey);
      } on RSAException catch (error, stackTrace) {
        debugPrint(error.cause);
        debugPrintStack(stackTrace: stackTrace);
        return false;
      }
      return true;
    }

** Exception **
I/flutter (13473): crypto/rsa: verification error
I/flutter (13473): #0 RSA._boolResponse
fast_rsa.dart:71
I/flutter (13473):
I/flutter (13473): #1 RSA.verifyPSS
fast_rsa.dart:374
I/flutter (13473):

Expected Result: I hope to achieve successful signature verification on Device B, similar to the behavior on Device A.

Actual Result: However, the signature verification fails on Device B.

flutter doctor -v
[√] Flutter (Channel stable, 3.10.6, on Microsoft Windows [版本 10.0.22621.2134], locale fr-FR)
• Flutter version 3.10.6 on channel stable at C:\flutter
• Upstream repository https://github.com/flutter/flutter.git
• Framework revision f468f3366c (6 weeks ago), 2023-07-12 15:19:05 -0700
• Engine revision cdbeda788a
• Dart version 3.0.6
• DevTools version 2.23.1

[√] Windows Version (Installed version of Windows is version 10 or higher)

[√] Android toolchain - develop for Android devices (Android SDK version 33.0.2)
• Android SDK at C:\Users\cc\AppData\Local\Android\sdk
• Platform android-33-ext5, build-tools 33.0.2
• Java binary at: C:\Program Files\Android\Android Studio\jbr\bin\java
• Java version openjdk version "17.0.6" 2023-01-17
• All Android licenses accepted.

[√] Chrome - develop for the web
• Chrome at C:\Program Files\Google\Chrome\Application\chrome.exe

[√] Visual Studio - develop for Windows (Visual Studio Community 2022 17.5.4)
• Visual Studio at C:\Program Files\Microsoft Visual Studio\2022\Community
• Visual Studio Community 2022 version 17.5.33530.505
• Windows 10 SDK version 10.0.19041.0

[√] Android Studio (version 2022.2)
• Android Studio at C:\Program Files\Android\Android Studio
• Flutter plugin can be installed from:
https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
https://plugins.jetbrains.com/plugin/6351-dart
• Java version openjdk version "17.0.6" 2023-01-17

[√] VS Code (version 1.81.1)
• VS Code at C:\Users\cc\AppData\Local\Programs\Microsoft VS Code
• Flutter extension version 3.70.0

[√] Connected device (4 available)
• Android SDK built for x86 (mobile) • emulator-5554 • android-x86 • Android 11 (API 30) (emulator)
• Windows (desktop) • windows • windows-x64 • Microsoft Windows [版本 10.0.22621.2134]
• Chrome (web) • chrome • web-javascript • Google Chrome 115.0.5790.171
• Edge (web) • edge • web-javascript • Microsoft Edge 116.0.1938.54

[√] Network resources
• All expected network resources are available.

• No issues found!

jerson (Owner) commented Aug 25, 2023

Hi @cwangfr, thanks for this.

Could you review these lines:

    var result = signature.replaceAll("+", "-").replaceAll("/", "");

and

    sign = sign.replaceAll("-", "+").replaceAll("_", "/");

It seems the first part should be

    var result = signature.replaceAll("+", "-").replaceAll("/", "_");

could you try that way please
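
The mapping questioned in the comment above can be checked in isolation from any device. This is an added example, not code from the thread or from fast_rsa: it uses Go's crypto/rsa (the error text in the trace, "crypto/rsa: verification error", is that package's) with a throwaway key, assumes the signature travels as standard base64, and all names in it are illustrative.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
	"strings"
)

var (
	toURLSafe      = strings.NewReplacer("+", "-", "/", "_") // intended mapping
	toURLSafeLossy = strings.NewReplacer("+", "-", "/", "")  // as quoted in the thread: "/" is dropped
	fromURLSafe    = strings.NewReplacer("-", "+", "_", "/") // reverse mapping applied before verify
	pssOpts        = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto}
)

// newKey generates a throwaway 2048-bit key (constructed for this demo).
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signPSS signs msg with RSA-PSS over SHA-512 and returns standard base64.
func signPSS(key *rsa.PrivateKey, msg string) (string, error) {
	d := sha512.Sum512([]byte(msg))
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA512, d[:], pssOpts)
	return base64.StdEncoding.EncodeToString(sig), err
}

// verifyPSS undoes the transport mapping, decodes, and verifies the signature.
func verifyPSS(pub *rsa.PublicKey, msg, transported string) error {
	sig, err := base64.StdEncoding.DecodeString(fromURLSafe.Replace(transported))
	if err != nil {
		return fmt.Errorf("decode: %w", err)
	}
	d := sha512.Sum512([]byte(msg))
	return rsa.VerifyPSS(pub, crypto.SHA512, d[:], sig, pssOpts)
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	b64, _ := signPSS(key, "data Y")
	fmt.Println("intact mapping:", verifyPSS(&key.PublicKey, "data Y", toURLSafe.Replace(b64)))
	fmt.Println("lossy mapping: ", verifyPSS(&key.PublicKey, "data Y", toURLSafeLossy.Replace(b64)))
}
```

A dropped "/" shortens the encoded signature, so the lossy variant fails either at base64 decoding or at the PSS check whenever the signature contains that character.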

cwangfr (Author) commented Aug 25, 2023

Thank you for the response.
This line is a copy mistake.
The code in my project is right.

cwangfr (Author) commented Aug 25, 2023

I redid some tests and found the following.
I prepared three devices.
Device A, Android Phone (arm64)
Device B, Android Emulator - Nexus_10_API_30 (x86)
Device C, Windows 11 x64

Test 1, signed using device A, verified on device A, verification passed.
Test 2, signed using device B, verified on device B, verification passed.
Test 3, signed using device C, verified on device C, verification passed.

Test 3, signed using device A, verified on device B, verification failed.
Test 4, signed using device A, verified on device C, verification passed.

Test 5, signed using device B, verified on device A, verification failed.
Test 6, signed using device B, verified on device C, verification failed.

Test 7, signed using device C, verified on device A, verification passed.
Test 8, signed using device C, verified on device B, verification failed.

jerson added the "help wanted" (Extra attention is needed) label Nov 18, 2023