Re^3: RSA encryption for (Ducth) iDeal payment

First a couple of comments.

If you use <code> . . . </code> it will help all of us understand your code vs. data better.
I hinted at the response about 2 different answers to help you understand how difficult de/encryption is. What I wanted to demonstrate was the carriage return that was returned by openssl. If you unpack your answer

unpack ("H40", $digest);

you'll see we did get the same result. My answer was printable hex, and your answer was the raw hex characters. Good for computers, bad for people viewing the results. But that result may have to be chopped or converted before it can be used as input into the next step.
This is a nit, but using the word 'byte' ( 8 bits ) is preferred over 'chars' ( re. utf8 ).
20 bytes is exactly 160 bits.
20 chars may be 160 bits, 320 bits, 480 bits, etc.

I googled your question, and found many people asking the same question as you, so you're not alone with the confusion about step 2. I did see a reference to 32/64 bit hardware and another about network order bytes(big-endian). I believe openssl removes those dependences.

"Well done is better than well said." - Benjamin Franklin

Comment on Re^3: RSA encryption for (Ducth) iDeal payment Download Code

Replies are listed 'Best First'.
Re^4: RSA encryption for (Ducth) iDeal payment by flexvault (Monsignor) on May 06, 2011 at 15:03 UTC
Nothing like replying to your own post, but I am looking at the description of the process in the Dutch manual. It looks like you need a copy of their test "cert.pem" and test "test.sig" files to get the exact results they show. the openssl command allows you to specify -in for input file and -out for output file. Much better than the example below. I think they have the message in a file (./test), and should be cating the file for input to openssl. I think -in and -out would be easier to manage ( but that's your call! ) `echo "test" \| openssl dgst -sha1 -verify cert.pem -signature test.sig` The process (from the Dutch manual) seems to be: Generate message ( your $string ) get SHA1 of message encrypt SHA1 160 bit (20 karakters) with your private DES 1024 bit key (cert.pem) and sign with signature (test.sig). Nice that they show you the result, but without the exact files "cert.pem" and "test.sig", you will not get their result. You may be working but can't prove it with-out the above files. Also they will need your public key in order to verify the signature and decrypt the message. Looks to me, you will need help from their IT dept to verify that it works. Sorry about the "byte" comment, I assume you were just translating "karakters" to "chars". "Well done is better than well said." - Benjamin Franklin	[reply] [d/l]

Replies are listed 'Best First'.

Re^4: RSA encryption for (Ducth) iDeal payment
by flexvault (Monsignor) on May 06, 2011 at 15:03 UTC

Nothing like replying to your own post, but I am looking at the description of the process in the Dutch manual. It looks like you need a copy of their test "cert.pem" and test "test.sig" files to get the exact results they show. the openssl command allows you to specify -in for input file and -out for output file. Much better than the example below. I think they have the message in a file (./test), and should be cating the file for input to openssl. I think -in and -out would be easier to manage ( but that's your call! )

echo "test" | openssl dgst -sha1 -verify cert.pem -signature test.sig

The process (from the Dutch manual) seems to be:

Generate message ( your $string )
get SHA1 of message
encrypt SHA1 160 bit (20 karakters) with your private DES 1024 bit key (cert.pem) and sign with signature (test.sig).

Nice that they show you the result, but without the exact files "cert.pem" and "test.sig", you will not get their result.

You may be working but can't prove it with-out the above files. Also they will need your public key in order to verify the signature and decrypt the message.

Looks to me, you will need help from their IT dept to verify that it works.

Sorry about the "byte" comment, I assume you were just translating "karakters" to "chars".

"Well done is better than well said." - Benjamin Franklin

[reply]
[d/l]