Bug #6122

closed

OpenSSL::PKCS7 verify

Added by mghomn (Justin Peal) almost 13 years ago. Updated about 12 years ago.

Status: Closed
Target version:
ruby -v: ruby 1.9.3p125 (2012-02-16) [i386-mingw32]
Backport:
[ruby-core:43111]

Description

not_after cannot be later than 2038-01-19 11:14:07

verify can pass a wrong certificate

require 'openssl'

class Rsa
  attr_reader :key, :cert
  @@sha = OpenSSL::Digest::SHA1.new
  @@aes = OpenSSL::Cipher.new("aes-128-ofb")

  # Build a key pair and a certificate; self-signed when no issuer is given.
  def initialize serial, issuer=nil
    @key = OpenSSL::PKey::RSA.new(1024)
    @cert = OpenSSL::X509::Certificate.new
    @cert.version = 2   # RFC 5280 - v3
    @cert.serial = serial
    @cert.subject = OpenSSL::X509::Name.parse "CN=#{serial}"
    @cert.issuer = issuer==nil ? @cert.subject : issuer
    @cert.public_key = @key.public_key
    @cert.not_before = Time.now
    @cert.not_after = Time.mktime(2038, 1, 19, 11, 14, 7)   # second = 8 ==> Fail!
    @cert.sign(@key, @@sha) if issuer==nil
  end

  # Sign this certificate with the given (issuer) key.
  def sign key
    @cert.sign(key, @@sha)
  end

  # Sign plain with our own key, then encrypt the result to obj_cert.
  def sign_encrypt(plain, obj_cert)
    signed = OpenSSL::PKCS7::sign(@cert, @key, plain)
    encrypted = OpenSSL::PKCS7::encrypt([obj_cert], signed.to_s, @@aes)
  end

  # Decrypt with our own key, then verify the signature against obj_cert and ca_cert.
  def decrypt_verify(received, obj_cert, ca_cert)
    encrypted = OpenSSL::PKCS7.new(received)
    decrypted = encrypted.decrypt(@key, @cert)
    signed = OpenSSL::PKCS7.new(decrypted)
    cert_store = OpenSSL::X509::Store.new.add_cert(ca_cert)
    plain = signed.data if signed.verify([obj_cert], cert_store)
  end
end

ca = Rsa.new(1)
alice = Rsa.new(11, ca.cert.issuer)
alice.sign ca.key
right = Rsa.new(12, ca.cert.issuer)
right.sign ca.key

fa = Rsa.new(3)
wrong = Rsa.new(33, fa.cert.issuer)

wrong.sign fa.key # Don't sign indeed!

plain = "Something's wrong."
signed_encrypted = right.sign_encrypt(plain, alice.cert)
recovered = alice.decrypt_verify(signed_encrypted, wrong.cert, ca.cert) # wrong should be right
puts recovered==plain ? recovered : "It's okay!"
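
An added example, not part of the original report and not the project's own code: by default PKCS7 verification also looks for the signer's certificate among those embedded in the message, so the list passed to verify does not pin the signer; the OpenSSL::PKCS7::NOINTERN flag restricts the lookup to that list. The helper names (issue, verified_data, demo) and the throwaway PKI are assumptions made for this sketch, which uses 2048-bit keys, SHA-256 and a basicConstraints extension on the roots so it runs on current OpenSSL builds.

```ruby
require 'openssl'

# Constructed throwaway PKI; all names, serials and keys are made up for this example.
def issue(cn, serial, key, ca_cert = nil, ca_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = ca_cert ? ca_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless ca_cert # self-signed root: mark it as a CA so chain building accepts it
    factory = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(factory.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(ca_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Returns the signed content if verification succeeds, nil otherwise.
def verified_data(der, expected_signer, ca_cert, flags)
  p7 = OpenSSL::PKCS7.new(der)
  store = OpenSSL::X509::Store.new.add_cert(ca_cert)
  p7.verify([expected_signer], store, nil, flags) ? p7.data : nil
end

def demo
  ca_key, fake_key, right_key, wrong_key = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  ca      = issue('ca', 1, ca_key)
  fake_ca = issue('fake-ca', 3, fake_key)
  right   = issue('right', 12, right_key, ca, ca_key)
  wrong   = issue('wrong', 33, wrong_key, fake_ca, fake_key)
  msg = "Something's wrong."
  der = OpenSSL::PKCS7.sign(right, right_key, msg, [], OpenSSL::PKCS7::BINARY).to_der
  {
    # Default flags: the signer certificate embedded in the message is used.
    default_wrong:  verified_data(der, wrong, ca, 0),
    # NOINTERN: the signer must be in the supplied list, so 'wrong' is rejected.
    nointern_wrong: verified_data(der, wrong, ca, OpenSSL::PKCS7::NOINTERN),
    nointern_right: verified_data(der, right, ca, OpenSSL::PKCS7::NOINTERN)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```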


Related issues 1 (0 open, 1 closed)

Related to Ruby master - Bug #6571: Time.mktime Y2K38 problem on 1.9.3p125 i386-mingw32 (Closed)