Re: Invalid signature in attestation certificate

2017-01-19T11:35:17+01:00

Never mind. I've been informed that there's a set of six attestation certs with broken signatures. Seems there's nothing here to see.

Statistics: Posted by robn — Thu Jan 19, 2017 11:35 am

Invalid signature in attestation certificate

2017-01-19T08:21:21+01:00

I'm looking at an attestation certificate from a Yubikey Plus. The signature part (as shown by openssl asn1parse -dump) starts like this:

Code:

  268:d=1  hl=2 l=  11 cons: SEQUENCE
  270:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
  281:d=1  hl=4 l= 257 prim: BIT STRING
      0000 - 03 76 0e 36 95 65 ef 88-e9 04 28 04 d8 8f fa 5f   .v.6.e....(...._
      0010 - bd 5b 99 93 a3 12 46 8f-b1 74 96 12 96 a5 39 cc   .[....F..t....9.
  ...

In an ASN.1 BIT STRING, the first byte is the number of unused/padding bits at the end of the string.

According to RFC3477 s8.2.1: "Output: an octet string of length k, where k is the length in octets of the RSA modulus n."

Therefore, it is impossible to have a valid DER-encoded RSA PKCS#1 signature that has unused bits.

Is this certificate completely broken? Can you advise an approach for parsing it?

(for more info and the certificate in question, please see https://github.com/briansmith/webpki/pull/34).

Statistics: Posted by robn — Thu Jan 19, 2017 8:21 am

Yubico Forum

Re: Invalid signature in attestation certificate

Invalid signature in attestation certificate