ruby - 使用 Ruby OpenSSL 验证非散列数据的签名

Question

我有一个 RSA 公钥、一些数据和该数据的签名。我需要验证签名。然而，签名不是数据的摘要，而是整个数据的签名。 (数据本身只有 16 个字节，因此签名者在签名之前不必费心对数据进行哈希处理。)我可以通过在初始化上下文时指定 NULL 引擎来验证 C 中的签名:

EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(verify_key, NULL);

但是，我无法在 Ruby 的 OpenSSL::PKey::PKey 验证方法中找到等效方法。该方法需要一个 Digest 对象，而且我找不到 Digest，它实际上并不散列，而是按原样返回数据。我尝试创建自己的 Digest 子类，但我认为这行不通，因为底层 OpenSSL 库不知道自定义摘要类型的存在。

鉴于我无法修改签名者运行的代码，我是否卡住了，或者是否有解决此问题的方法？

Answer 1

总结评论中的答案以便从“未回答”过滤器中删除此问题...

owlstead :

Have you tried to find a function like public_decrypt? It may work, as normally you should not encryption with a private key and decrypt with a public key. With a bit of luck it will accept the signature version of PKCS#1 padding (note that the padding used for encryption and signing is different in PKCS#1).

Wammer :

Of course - decrypting the signature with the public key and verifying that it matches the data works fine. So far this is working fine with the standard PKCS#1 padding, but I'll do some more research to see if the differing encryption and signing paddings are a problem in practice. Thanks.

owlstead :

After a decrypt and validation of the padding, all that is left is a (if possible, secure) compare. So that would replace the verification function pretty well. Most of the security is in the modular arithmetic and padding.