My DSA signature won't verify... :-(
Hello,
I'm pretty sure I'm totally inept here, but I can't get Sparkle to verify a DSA-signed update archive. I'm running and building on 10.5.4 and using the GC dual-mode framework project from Bazaar revno: 219.
I generated the DSA keypair like the Sparkle 1.1 docs specify:
openssl dsaparam 2048 < /dev/urandom > dsaparam.pem
openssl gendsa dsaparam.pem -out dsa_priv.pem
openssl dsa -in dsa_priv.pem -pubout -out dsa_pub.pem
That's cool. I've got my keypair. Then I add the proper keys to my Info.plist and drop a copy of "dsa_pub.pem" in MyApp.app's "Resources" folder:
<key>SUExpectsD
<true/>
<key>SUPublicDS
<string>
No problems there. Next I generate a base64 encoded, dss1 signature of the sha1 hash of the MyApp.tgz archive (that's a mouthful). Then add that as a Sparkle extension attribute on the enclosure element in my appcast xml. I use the commands in the Sparkle 1.1 docs again - no sweat!
openssl dgst -sha1 -binary < ~/MyApp.tgz \
| openssl dgst -dss1 -sign ~/dsa_priv.pem \
| openssl enc -base64
MCwCFEpg2+
sparkle:
Then I update MyApp.app and Sparkle complains "The update is improperly signed."
Ahh. Damn! Ok. So I do my own verification. First I spit out the signature (without base64 encoding) to a file:
openssl dgst -sha1 -binary < ~/MyApp.tgz \
| openssl dgst -dss1 -sign ~/dsa_priv.pem > ~/sig.txt
Gotcha! Now I see if I can verify the signature with my public key:
openssl dgst -sha1 -binary < ~/MyApp.tgz \
| openssl dgst -dss1 -verify ~/dsa_pub.pem -signature ~/sig.txt
Verification OK
Ok! So that works out ok. Now I'm stuck. I walked through the code with Sparkle Test App and the Debug framework and it failed to verify there also. I confirmed it's getting the public key and the signature and all the basic stuff. My tiny brain starts to burn up when I get close to the cryptographic stuff in NSFileManager+
Do you see anything glaringly wrong with what I'm doing here? I'm lost on this now.
Thanks,
-Chad
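An added example, not part of the original post and not Sparkle's code: the verification above checks the raw signature file, while the appcast carries the base64 string, so this sketch decodes such a string and confirms it is still a well-formed DER DSA signature (a SEQUENCE of two INTEGERs, r and s) after copy and paste. The signature prefix shown in the post decodes to the header bytes 30 2c 02 14, the same shape as the constructed sample here; the function names and the sample value are assumptions made for illustration.

```python
import base64
import binascii


def read_len(buf, i):
    """Read a DER length field at buf[i]; return (length, index after it)."""
    if i >= len(buf):
        raise ValueError("truncated before length field")
    if buf[i] < 0x80:                      # short form: the byte is the length
        return buf[i], i + 1
    n = buf[i] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 2 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def read_int(buf, i):
    """Read one positive DER INTEGER at buf[i]; return (value, index after it)."""
    if i >= len(buf) or buf[i] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    n, i = read_len(buf, i + 1)
    if n == 0 or i + n > len(buf):
        raise ValueError("truncated INTEGER")
    if buf[i] & 0x80:
        raise ValueError("negative INTEGER; r and s must be positive")
    return int.from_bytes(buf[i:i + n], "big"), i + n


def parse_dsa_signature(b64_text):
    """Decode a base64 DSA signature string and return (r, s)."""
    try:
        # Drop line wraps and spaces, then reject any non-base64 character.
        der = base64.b64decode("".join(b64_text.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    seq_len, i = read_len(der, 1)
    if i + seq_len != len(der):
        raise ValueError("SEQUENCE length does not match the data (truncated?)")
    r, i = read_int(der, i)
    s, i = read_int(der, i)
    if i != len(der) or r == 0 or s == 0:
        raise ValueError("malformed DSA signature body")
    return r, s


# Constructed sample (not a real signature): two 20-byte integers.
SAMPLE_DER = b"\x30\x2c\x02\x14" + bytes(range(1, 21)) + b"\x02\x14" + bytes(range(21, 41))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
```

A string that parses here is only structurally intact; whether it matches the archive is still decided by the `-verify` step with the public key.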
Question information
- Language: English
- Status: Answered
- For: Sparkle
- Assignee: No assignee