M2Crypto RSA.sign vs OpenSSL rsautl -sign

Question

M2Crypto and OpenSSL CLI doesn't seem to create the same digital signature. Here is the code that I use in Python:

import M2Crypto
rsa = M2Crypto.RSA.load_key("privkey.pem")
open("sig_m2crypto", "w").write(rsa.sign("md5-digest", "md5"))

Here is the command line with OpenSSL:

echo "md5-digest" | openssl rsautl -sign -inkey privkey.pem > sig_openssl

With the same input, the result of sig_m2crypto and sig_openssl are always different. The significance would be I can not verify signatures generated using M2Crypto with OpenSSL and vice versa.

Is there anything missing in my code that makes them not compatible with each other?

Additional info: I am using M2Crypto 0.21.1 and OpenSSL 1.0.0 under Windows 7.

Answer 1

try this:

echo -n "test" | openssl md5 -sign privkey.pem > sig_openssel

(the -n is important so that no additional newline is added after the string)*

and on the python side:

import M2Crypto
import hashlib
rsa = M2Crypto.RSA.load_key("privkey.pem")
digest = hashlib.new('md5', 'test').digest()
open("sig_m2crypto", "w").write(rsa.sign(digest, "md5"))

Now you sigs should be identical.

To see what's acutally in the signature file, you can use:

openssl rsautl -inkey privkey.pem -verify -in sig_m2crypto -asn1parse

and

openssl rsautl -inkey privkey.pem -verify -in sig_m2crypto -raw -hexdump

The correct signature contains information about the used digest, which isn't contained if you just use openssl rsautl -sign ...

*edit: at least on linux, as you're on windows i don't really know if you need it.