I am having a problem getting the SAM AV2 to verify my PKI signature with PKI_VerifySignature. It keeps returning a 901E response (Encryption error).
However, when I verify the same signature/hash in OpenSSL I get Verified OK (see below).
Note: I loaded my Public Key used for signing in the SAM successfully using the PKI_ImportKey command.
I have managed to successfully verify with OpenSSL a test signature output by the SAM PKI_SendSignature command. So strangely I can verify the SAM signature but the SAM refuses to verify my signature (a file that OpenSSL can verify).
The signed data I am using are as follows:
data.txt contains the string "0123456789ABCDEF" (16 bytes)
The following command verified the output from the SAM which according to the spec uses RSAPSS.
OpenSSL> dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify sam-041f378a4a4f80_PK.pem -signature testSigfromSam.hex.bin data.txt
The following command verified the output I created (in python) for the same data signed with my public key and is currently being rejected by the SAM.
OpenSSL> dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify unuTestPublic.pem -signature TestHostSignedData.bin data.txt
Question: Can NXP or the community give me a Python, JavaScript or OpenSSL command line/code snippet that will generate a signature file that the SAM AV2 will accept? I am certain I am complying with RSA PSS padding as mentioned in the spec.
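# Python (PyCrypto) used to create the signature crypto file
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_PSS
message = open('data.txt', 'rb').read()  # assumed: the post does not show how message is set
mgf1 = lambda seed, length: PKCS1_PSS.MGF1(seed, length, SHA256)  # assumed: mgf1 is not defined in the post
key = RSA.importKey(open('unuTestPrivate.pem').read(), passphrase='AGgull404')
h = SHA256.new(message)
signature = PKCS1_PSS.new(key, mgf1, 32).sign(h)  # RSA-PSS with a 32-byte salt
print("Input data hash=" + h.hexdigest())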
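
Beyond OpenSSL's pass/fail result, each of the two signatures discussed above can be opened with its public key to read back the RSA-PSS parameters it was actually built with (salt length, MGF1 hash, and whether the hash covers the raw message). This is an added example, not code from the original post or from NXP: `pss_inspect`, `pss_encode`, `toy_sign` and the demo key built from two Mersenne primes are hypothetical names and constructed values, and nothing here states what the SAM AV2 itself requires.

```python
import hashlib

def mgf1(seed, length, hash_name):
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    blocks = -(-length // hashlib.new(hash_name).digest_size)
    return b"".join(hashlib.new(hash_name, seed + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]

def pss_encode(message, em_bits, salt, hash_name="sha256"):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1) with a caller-supplied salt."""
    em_len = (em_bits + 7) // 8
    m_hash = hashlib.new(hash_name, message).digest()
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - len(h) - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db), hash_name)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the unused top bits
    return bytes(masked) + h + b"\xbc"

def pss_inspect(signature, n, e, message, hash_name="sha256"):
    """Open a signature with the public key and report its PSS parameters."""
    em_bits = n.bit_length() - 1
    em_len = (em_bits + 7) // 8
    report = {"structure_ok": False, "salt_len": None, "hash_ok": False}
    m = pow(int.from_bytes(signature, "big"), e, n)
    if m.bit_length() > em_bits:
        return report                          # not a valid encoded message
    em = m.to_bytes(em_len, "big")
    h_len = hashlib.new(hash_name).digest_size
    masked, h = em[:-h_len - 1], em[-h_len - 1:-1]
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(h, len(masked), hash_name)))
    db[0] &= 0xFF >> (8 * em_len - em_bits)
    tail = bytes(db).lstrip(b"\x00")           # 0x01 || salt once the zero padding is gone
    if em[-1] != 0xBC or tail[:1] != b"\x01":
        return report                          # wrong trailer, MGF hash or padding
    m_hash = hashlib.new(hash_name, message).digest()
    expected = hashlib.new(hash_name, b"\x00" * 8 + m_hash + tail[1:]).digest()
    report.update(structure_ok=True, salt_len=len(tail) - 1, hash_ok=(expected == h))
    return report

P, Q, E = 2**521 - 1, 2**607 - 1, 65537  # constructed toy key (Mersenne primes), not secure
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def toy_sign(message, salt, hash_name="sha256"):
    em = pss_encode(message, N.bit_length() - 1, salt, hash_name)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes((N.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    sig = toy_sign(b"0123456789ABCDEF", bytes(32))  # constructed all-zero salt
    print(pss_inspect(sig, N, E, b"0123456789ABCDEF"))
```

To inspect a real signature, pass the modulus and public exponent from the PEM file together with the raw signature bytes. A `salt_len` that differs between the two signatures, or `hash_ok` being False for one of them, identifies the parameter that does not match.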