Key Verification with 3rd party tools

[EricMiddelhove]

Hello everyone,

I have stumbled over this project a few days ago and plan to use it for signing requests to an API.
I quickly implemented the verification logic and got it working without any issues (code provided below).
However, now I am struggling to verify key generated by this create with other implementations of ed25519.

I have tried using openssl (OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024) to read generated pem and der files containing signing (private) keys. It fails when trying to read the key.

I have tried several online tools (https://cyphr.me/ed25519_tool/ed.html, https://ed25519.altr.dev/, https://crypto-online.cn/playground/ed25519/signature) to sign and verify the keys and signatures, where all tools work interchangeably.

My Questions:

• This is my first encounter with ed25519 and signing in general, am I missing something obvoius why this would not work?
  OR
• What tools have you used to verify the keys and signatures generated?

Here is my code for the verification:

fn verify_signature_from_bytes(body: &[u8], signature: &[u8; 64], verifying_key: &[u8; 32]) -> Result<(), SignatureError> {
    let ver_key: VerifyingKey = VerifyingKey::try_from(verifying_key.as_ref())?;

    let signature = Signature::try_from(signature.as_ref())?;

    ver_key.verify_strict(body, &signature)
}

#[cfg(test)]
mod tests {
    use base64::Engine;
    use base64::engine::general_purpose::STANDARD;
    use ed25519_dalek::{Signature, Signer, SigningKey};
    use rand::rngs::OsRng;
    use crate::authentication;
    use crate::authentication::{decode_signature, verify_signature_from_bytes};

    #[test]
    fn test_report_verified_signature() {
        let signature = &hex::decode("C013DBF24ACFEEC94F99563AD60B221E335352D8679C23ACBDD137FAA56537455BAC5936890A01416A70310AD5003D20D48C4F3054BE4C40806F5B669E219E0C").unwrap()[..64];
        let signature: [u8; 64] = signature.try_into().unwrap();

        let text = "abc".to_owned().into_bytes().into_boxed_slice();

        let ver_key = &hex::decode("05E70B273E824B95DCEA24D3BCE6400360C9F72398720D6E77B11FE8844A60D1").unwrap()[..32];
        let ver_key: [u8; 32] = ver_key.try_into().unwrap();

        let result = verify_signature_from_bytes(&text, &signature, &ver_key);

        assert!(result.is_ok())
    }

    #[test]
    fn test_report_unverified_signature() {
        let signature = &hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap()[..64];
        let signature: [u8; 64] = signature.try_into().unwrap();

        let text = "EXTERMINATE!!!".to_owned().into_bytes().into_boxed_slice();

        let ver_key = &hex::decode("05E70B273E824B95DCEA24D3BCE6400360C9F72398720D6E77B11FE8844A60D1").unwrap()[..32];
        let ver_key: [u8; 32] = ver_key.try_into().unwrap();


        let result = verify_signature_from_bytes(&text, &signature, &ver_key);

        assert!(result.is_err())
    }

    #[test]
    fn test_decode_signature_valid() {
        // A valid base64 encoded signature that decodes to 64 bytes
        let signature = STANDARD.encode([1u8; 64]);
        let result = decode_signature(&signature);

        assert!(result.is_ok());
        assert_eq!(result.unwrap(), [1u8; 64]);
    }

    #[test]
    fn test_decode_signature_invalid_length() {
        // A base64 encoded signature that decodes to less than 64 bytes
        let signature = STANDARD.encode([1u8; 32]);
        let result = decode_signature(&signature);

        assert!(result.is_err());
        assert!(result.unwrap_err().msg.contains("An invalid signature was provided"));
    }

    #[test]
    fn test_decode_signature_invalid_base64() {
        // An invalid base64 encoded string
        let signature = "InvalidBase64String!!!";
        let result = decode_signature(signature);

        assert!(result.is_err());
        assert!(result.unwrap_err().msg.contains("An invalid signature was provided"));
    }

    #[test]
    fn test_decode_signature_valid_non_zero_values() {
        // A valid base64 encoded signature with non-zero values
        let original_sig = [255u8; 64];
        let signature = STANDARD.encode(original_sig);
        let result = decode_signature(&signature);

        assert!(result.is_ok());
        assert_eq!(result.unwrap(), original_sig);
    }

    #[test]
    fn test_verify_signature_from_bytes_generated_keys() {
        // Generate a new keypair using the current crate version
        let mut csprng = OsRng;
        let sign_key: SigningKey = SigningKey::generate(&mut csprng);

        // Create a message to sign
        let message: &[u8] = b"Test message for signature verification";

        // Sign the message
        let signature: Signature = sign_key.sign(message);

        // Convert the signature and public key to byte arrays
        let signature_bytes: [u8; 64] = signature.to_bytes();
        let public_key_bytes: [u8; 32] = sign_key.verifying_key().to_bytes();

        // Verify the signature using the function
        let result = verify_signature_from_bytes(message, &signature_bytes, &public_key_bytes);

        // Assert that the verification passed
        assert!(result.is_ok(), "Signature verification failed");
    }


    #[test]
    fn test_verify_signature_from_bytes_generated_keys_with_invalid_signature() {
        // Generate a new keypair using the current crate version
        let mut csprng = OsRng;
        let sign_key: SigningKey = SigningKey::generate(&mut csprng);

        // Create a message to sign
        let message: &[u8] = b"Test message for signature verification";

        // Sign the message
        let signature: Signature = sign_key.sign(message);

        // Convert the signature and public key to byte arrays
        let mut signature_bytes: [u8; 64] = signature.to_bytes();
        let public_key_bytes: [u8; 32] = sign_key.verifying_key().to_bytes();

        // Tamper with the signature to make it invalid
        signature_bytes[0] ^= 0x01;

        // Verify the signature using the function
        let result = verify_signature_from_bytes(message, &signature_bytes, &public_key_bytes);

        // Assert that the verification passed
        assert!(result.is_err(), "Signature verification failed");
    }
}

Here is my code for the key generation which fails with openssl and the online tools

let signing_key = SigningKey::generate(&mut csprng);

    {
        let filename = "not_so_private_private_key.pem";

        let bytes = signing_key.to_scalar_bytes();

        let mut private_b64 = String::new();

        STANDARD.encode_string(bytes, &mut private_b64);

        info!("Debug signing (private) key: {}", private_b64);
    }
    {
        let verifying_key = signing_key.verifying_key();
        let verifying_key: [u8; 32] = verifying_key.to_bytes();

        let mut verifying_key_b64 = String::new();
        STANDARD.encode_string(&verifying_key, &mut verifying_key_b64);
        info!("Debug verifying (public) key: {}", verifying_key_b64);
   }

Thanks a lot, in advance, for your help!

[tarcieri]

You didn't include any examples of how you were attempting to use the keys.

I'm not aware of OpenSSL having any support for the 32-byte serialization of a compressed Edwards-y point you seem to be trying to use. The main formats OpenSSL understands are PKCS#8 for private keys, and SPKI for public keys, in either their DER or PEM serializations.

Due to #627 (lack of support for PKCS#8 v2 in OpenSSL) you may have trouble with PKCS#8 private keys, but SPKI public keys should work. You seem to want a text encoding, so I'd suggest PEM (which for SPKI begins with BEGIN PUBLIC KEY)

You can use this impl of the EncodePublicKey trait to do that: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.VerifyingKey.html#impl-EncodePublicKey-for-VerifyingKey

The EncodePublicKey::to_public_key_pem method should handle the encoding: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/pkcs8/trait.EncodePublicKey.html#method.to_public_key_pem

You'll need to enable ed25519-dalek's pkcs8 feature, when enabled the ed25519_dalek::pkcs8 module is available: https://docs.rs/ed25519-dalek/latest/ed25519_dalek/pkcs8/index.html

You can import the EncodePublicKey trait as use ed25519_dalek::pkcs8::EncodePublicKey.

Sorry there aren't better docs for this. Most things just use the raw 32-byte serialization and PKCS#8/SPKI support is relatively new, both in ed25519-dalek and OpenSSL, and it's also unfortunate that OpenSSL does not support the newer key format recommended by the relevant RFCs.

[EricMiddelhove]

Thanks a lot for your reply!
I just wanted to verify my sever side code (which is the code I provided), but could not get a verified signature. Generally I don't care about the serialization of the keys.
My use case would be to verify externally generated public keys and the corresponding signatures. Are there any specifics I need to worry when generating the keys and signatures?

[tarcieri]

You seem to be using verify_strict which may not work with certain signing implementations. Perhaps try using verify instead.