Author

Topic: Paying to add RSA/SHA512 padding to a Javascript lib (Read 6711 times)

full member
Activity: 227
Merit: 100
yep I am happy if you are Cheesy
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
10btc heading graingert's way for his initial answer (which worked) and for helping me out later on IRC which helped to get me the rest of the way.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
Above offer withdrawn, looks like I've got it figured out.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
Can't tell, it's seems to be signing, that is it's kind of working, but the signature isn't verifying with openssl.

I'll send a bit of btc yourway graingert for getting the hash function to work.

Now however I have a related task, and 50BTC to the person who sorts this out for me.

That is, the signature can be verified using the public key and openssl on a server somewhere.

For bonus point get it working with openssl and ruby.

Code:
require 'openssl'
pubkey="fsdfsdf..."
#signature is the javascript signature
#data is whats signed
public_key=OpenSSL::PKey::RSA.new(pubkey)
public_key.verify( OpenSSL::Digest::SHA512.new, signature, data )

My experience is that openssl expects binary for the signature (at least that's what it outputs)
full member
Activity: 227
Merit: 100
did it work?
full member
Activity: 227
Merit: 100
ah I thought you'd want HEX to HEX hashing, but yes if you are using ASCII then use "ASCII"
sr. member
Activity: 322
Merit: 251
sorry that should be:

function sha512func(valueToBeHashed) {
try {
hashObj = new jsSHA(valueToBeHashed, "HEX");
return hashObj.getHash("SHA-512", "HEX");
} catch(e) {
}
}

and you'll need to import from http://jssha.sourceforge.net/



Actually, I think you'll want:

Code:
hashObj = new jsSHA(valueToBeHashed, "ASCII");

But I'm not sure.
full member
Activity: 227
Merit: 100
sorry that should be:
Code:
function sha512func(valueToBeHashed) {
    try {
        hashObj = new jsSHA(valueToBeHashed, "HEX");
        return hashObj.getHash("SHA-512", "HEX");
    } catch(e) {
    }
}
_RSASIGN_DIHEAD['sha512'] = "30..."; // Hexadecimal DigestInfo prefix for sha512
_RSASIGN_HASHHEXFUNC['sha512'] = sha512func; // function which returns sha512 value in hex.

and you'll need to import from http://jssha.sourceforge.net/

full member
Activity: 227
Merit: 100
and you'll need

function sha512func() {
try {
return hashObj.getHash("SHA-512", "HEX");
} catch(e) {
}
}

build yourself a hash obj using http://jssha.sourceforge.net/

throw me a few coins if you think it's worth it / it works : 163aFkTefqW3Ab8dJ3XvzkURigd7uTAP2d
full member
Activity: 227
Merit: 100
    _RSASIGN_DIHEAD['sha512'] = "30..."; // Hexadecimal DigestInfo prefix for sha512
_RSASIGN_HASHHEXFUNC['sha512'] = sha512func; // function which returns sha512 value in hex.
sr. member
Activity: 322
Merit: 251
I'm not quite sure what you need, but this library says it supports SHA512: http://jssha.sourceforge.net/

EDIT: Err, I was working on the same code graingert gave, so I'll just leave that to him then.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
I will be needing to sign some requests using RSA and SHA512 for padding in Javascript.

Here is the Javascript RSA lib http://www9.atwiki.jp/kurushima/pub/jsrsa/

However it doesn't do SHA512(doing only sha1 & sha256) for padding.

Here is what the page says about adding another hashing method.

Quote
How to add supported signature algorithms
The script "rsa-sign.js" currently supports SHA1withRSA and SHA256withRSA signature algorithms. However you can extend other signature algorithms such like MD5withRSA or SHA512withRSA by just specifying two variables in it.

_RSASIGN_DIHEAD['md5'] = "30..."; // Hexadecimal DigestInfo prefix for MD5 _RSASIGN_HASHHEXFUNC['md5'] = md5hex; // function which returns value in hex.


You can use any sha512 javascript function that works for this.

Please post your solution below and how much work was involved for you and I'll give you a payment you'll be happy with (not giving exact numbers, but I'm not known as someone who's mean or stingy).

Regards Nefario
Jump to: