
I'm currently learning about how Certificate Signing Requests (CSRs) work. The contents of my CSR look like this:

openssl req -text -noout -verify -in  bobsbooks.com.csr
verify OK
Certificate Request:
Data:
    Version: 0 (0x0)
    Subject: C=UK, ST=Hampshire, L=Southampton, O=Bob's books Ltd, OU=IT Department, CN=bobsbooks.com/emailAddress=admin@bobsbooks.com
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
            Public-Key: (2048 bit)
            Modulus:
                00:94:e6:c2:33:ee:e0:67:c9:aa:e8:ff:82:07:40:
                0e:91:ca:19:ea:b2:98:2a:87:b7:1a:ce:c7:d3:3b:
                e3:a9:39:9d:8d:7f:e6:26:84:70:4a:a8:49:97:e9:
                37:72:07:98:58:77:98:03:a7:fd:0f:9e:0d:7f:f6:
                d7:84:ac:40:79:2b:bd:62:18:da:75:f3:e8:5e:33:
                48:82:e4:c2:91:0b:81:74:11:cd:d4:3c:f2:60:f6:
                de:a2:32:97:fd:8c:73:53:6e:fe:33:6c:28:2b:d0:
                e9:9f:af:dc:b3:c6:30:04:bb:e0:e5:41:d8:4b:78:
                b9:0b:53:b2:32:c4:33:62:e0:11:cc:b7:59:26:96:
                95:82:ca:0e:22:37:70:ca:06:9f:1d:27:41:6d:b4:
                64:c6:1b:09:8e:85:72:e0:72:54:1e:eb:ee:d7:54:
                d6:b9:98:99:61:46:1b:1c:da:2d:35:8a:0a:59:bf:
                fe:e9:bd:92:5b:52:74:44:ab:1d:a0:6c:2d:6d:a2:
                6b:d1:ce:ed:ca:ce:a6:0a:d4:4a:14:22:4c:bb:f9:
                1b:e8:8f:74:32:f2:12:4b:6c:54:e4:35:b0:bf:e1:
                3b:83:f0:57:da:55:be:5e:38:03:c2:2c:36:8c:19:
                e0:e5:af:91:67:38:4d:7a:10:04:3d:e2:72:c9:3e:
                eb:ed
            Exponent: 65537 (0x10001)
    Attributes:
        a0:00
Signature Algorithm: sha256WithRSAEncryption
     67:0a:00:b3:62:36:13:e6:c6:ef:04:10:5b:ec:1f:54:fe:55:
     c1:50:30:bc:ca:ae:c6:61:a4:44:9d:98:d5:9b:84:a0:93:60:
     6b:83:02:62:a3:73:96:10:55:f3:90:9e:85:00:22:78:0a:1f:
     45:1c:d0:e6:03:8a:35:72:ce:44:66:08:19:65:44:d7:12:5d:
     00:0a:b9:db:3b:1f:a7:a6:fa:a9:84:f5:3a:61:5f:14:48:89:
     37:37:b4:b0:1f:51:48:2d:02:6b:f4:ff:6b:4d:d3:56:c5:2e:
     43:46:67:6a:cc:be:07:86:b3:82:12:4c:06:67:33:35:5e:63:
     b0:76:33:13:1f:85:70:d9:b6:1e:b3:76:ee:f3:54:40:09:a8:
     60:bc:35:21:cd:1e:bc:bb:49:c8:10:ae:11:03:c9:d2:fa:7c:
     40:9a:53:08:d6:7e:08:9b:be:43:9a:60:79:25:14:7f:5e:6d:
     81:45:2f:39:89:91:3d:8b:8e:3b:84:9c:50:e4:40:88:e1:82:
     cb:5d:3f:af:13:2c:d0:34:3d:c3:e7:35:11:f3:ac:70:1d:b5:
     2e:ae:d6:35:5c:45:75:5c:b5:81:82:a5:c4:73:4e:8a:09:1f:
     5c:44:b7:73:42:d7:68:a0:e2:30:91:4d:29:04:32:e2:1e:bc:
     12:37:74:00

What I'm trying to figure out is how the signature block (Signature Algorithm: sha256WithRSAEncryption) has been generated. My understanding is that it is the hash of the public key that has been encrypted by the private key, i.e.:

$ sha256sum bobsbooks.com.public.key | openssl rsautl -inkey bobsbooks.com.private.key -sign | hexdump
0000000 574e 10f5 3a49 5784 25cc 7b06 c234 6ecf
0000010 adb2 9011 9332 e9e7 8dbf 7b10 c7d1 707e
0000020 aaf3 10b1 9497 32a6 d943 5b68 caba 8e5c
0000030 507d 24c7 76bb ab19 d5d7 e653 51e1 f54a
0000040 2a56 7f14 360d 15a9 767b 736a 16bc c3d8
0000050 8cb9 be7a 5ebe 701f 86ef ca5d cfd9 f035
0000060 0b5a 71ac fec4 c5cd 015e 643b 541e 6e5c
0000070 266b 5c33 98d6 db99 2431 d98e d591 04d1
0000080 4479 c85b e180 648b e71c b164 de14 6f33
0000090 fcb1 c2f6 3cc7 61ea 6f0f ab93 a1ad 5ba2
00000a0 af61 addd 4e5e 949e f38b e454 45f7 d12a
00000b0 5dfe 8bc3 b166 e4a0 8075 aa55 2089 49e4
00000c0 1a1d f137 d82b cb47 c0aa 0b14 a897 7879
00000d0 13e2 7c0a 6455 92a6 f9c7 b607 d52b ec07
00000e0 1c66 b9cb d055 ee0b 27b5 fabb 9191 8eb9
00000f0 104c 8ee2 cd81 02b9 d2a9 7502 99bd dbe1
0000100

But the output of this looks nothing like the signature. I must be

Sher Chowdhury
  • 'My understanding is that it is the hash of the public key that has been encrypted by the private key': your understanding is incorrect. Where did you get this misinformation? It doesn't even make sense. Why the encryption step for example? And what would such a signature prove? – user207421 Mar 10 '18 at 22:12
  • Dupe https://stackoverflow.com/questions/39842014/how-is-the-csr-signature-constructed and https://security.stackexchange.com/questions/58717/what-part-of-the-csr-is-hashed-in-order-to-create-its-signature and maybe https://stackoverflow.com/questions/24609310/how-does-csr-signing-work and see also https://stackoverflow.com/questions/38767660/multiple-openssl-rsa-signing-methods-produce-different-results. Also note some signature schemes are deterministic but some are not so simply failing to produce the same signature is not evidence, although in this case you are in fact wrong. – dave_thompson_085 Mar 10 '18 at 22:21
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Cryptography Stack Exchange](http://crypto.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Mar 11 '18 at 23:35

1 Answer


The best way to solve your doubts is to refer to RFC 2986 - PKCS#10 Certification Request Syntax

CertificationRequest ::= SEQUENCE {
     certificationRequestInfo CertificationRequestInfo,
     signatureAlgorithm       AlgorithmIdentifier{{ SignatureAlgorithms }},
     signature                BIT STRING
}

The signature process consists of two steps:

  1. The value of the certificationRequestInfo component is DER encoded, yielding an octet string.
  2. The result of step 1 is signed with the certification request subject's private key under the specified signature algorithm, yielding a bit string, the signature.

So the entire CSR is signed, not only the public key.

pedrofb
  • Also that CSR uses RSASSA-PKCS1v1_5 which is not what `rsautl -sign` does; see security #58717 as I commented on the Q or the links at https://stackoverflow.com/questions/38767660/multiple-openssl-rsa-signing-methods-produce-different-results – dave_thompson_085 Mar 10 '18 at 22:14
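The two-step process from RFC 2986 quoted in the answer, and the mismatch the question ran into, can both be checked end to end. The following is an added example (not code from the question, the answer or any project mentioned on this page): it builds a CSR with a throwaway key, verifies the BIT STRING signature over the DER of certificationRequestInfo using RSASSA-PKCS1-v1_5 with SHA-256 (what sha256WithRSAEncryption means), and then shows that a signature over the public key alone does not reproduce the CSR's signature, and that changing a single byte of certificationRequestInfo breaks verification. It assumes the `cryptography` package is installed; the subject values are constructed for the example.

```python
"""Added example: check a CSR signature the way RFC 2986 describes.
Requires the third-party 'cryptography' package."""
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature


def make_csr():
    """Generate a throwaway RSA key and a CSR signed with sha256WithRSAEncryption.
    The subject fields are constructed for this example."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
                                   backend=default_backend())
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "UK"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Bob's books Ltd"),
        x509.NameAttribute(NameOID.COMMON_NAME, "bobsbooks.com"),
    ])
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(subject)
           .sign(key, hashes.SHA256(), default_backend()))
    return key, csr


def verify_tbs(csr, tbs):
    """RFC 2986 step 2 in reverse: check the signature BIT STRING over 'tbs'
    (the DER octet string from step 1) with the subject's public key, using
    PKCS#1 v1.5 padding and SHA-256."""
    try:
        csr.public_key().verify(csr.signature, tbs,
                                padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def sign_public_key_only(key):
    """The model from the question: sign the public key rather than the whole
    request. PKCS#1 v1.5 signing is deterministic, so if this model were right
    the result would equal csr.signature byte for byte."""
    pub_der = key.public_key().public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo)
    return key.sign(pub_der, padding.PKCS1v15(), hashes.SHA256())


def check_models(key, csr):
    """Compare what actually verifies against the question's assumption."""
    tbs = csr.tbs_certrequest_bytes          # DER of certificationRequestInfo
    tampered = bytearray(tbs)
    tampered[-1] ^= 0x01                     # flip one bit of the signed data
    return {
        # the whole certificationRequestInfo is what the signature covers
        "whole_certificationRequestInfo": verify_tbs(csr, tbs),
        # a signature over just the public key is a different value
        "public_key_only_matches": sign_public_key_only(key) == csr.signature,
        # any change to subject, key or attributes invalidates the signature
        "tampered_tbs_verifies": verify_tbs(csr, bytes(tampered)),
        # RSA signature length equals the modulus size: 256 bytes for 2048 bits
        "signature_len": len(csr.signature),
    }


if __name__ == "__main__":
    k, c = make_csr()
    for name, value in check_models(k, c).items():
        print(f"{name}: {value}")
```

The 256-byte signature length matches the 14 full rows plus 4 bytes in the question's `openssl req -text` output; the raw `sha256sum | rsautl -sign` pipeline differs both in what is signed (a hash of a file listing, not certificationRequestInfo) and in how (no DigestInfo structure), which is the point of the comment above.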