On Tue, Sep 27, 2016 at 12:21:52PM +0300, Georgi Guninski wrote:
Two distinct DSA keys sign a file with the same signature. Is this a repudiation issue?
I have two distinct DSA keys k_1 and k_2; the p_i are distinct 1024-bit primes and the q_i are 160-bit primes (they can easily be made larger). The other parameters of the keys are distinct, counting congruences.
On openssl 1.0.1t they produce exactly the same signature on a file:
$ openssl dgst -sha1 -verify key1.pub -signature file.txt.sig file.txt ; openssl dgst -sha1 -verify key2.pub -signature file.txt.sig file.txt
Verified OK
Verified OK
In addition I created with them two valid self signed x509 certificates.
The key owners can claim the other one made the signature, which appears to be a crypto repudiation issue.
How to try the signatures in other scenarios?
Is this known?
Is this a theoretical weakness in openssl 1.0.1t?
Is this a bug at all?
I tried this using two randomly generated DSA key pairs and couldn't reproduce your results. I got exactly what I would've expected:

$ openssl dgst -sha1 -verify keyrandom.pub -signature test.sig test
Verified OK
$ openssl dgst -sha1 -verify keyrandom2.pub -signature test.sig test
Verification Failure

You sure your original DSA keys are unique?? This was openssl 1.0.2 on FreeBSD 10.

John
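A toy-scale illustration of why "Verified OK" under two different keys is consistent with the DSA verification equation, and why randomly generated keys (as in the reply above) almost never collide: added example code, not from either poster. The final reduction mod q in the verification check is many-to-one, so for one (r, s) several distinct (g, y) pairs in the same group satisfy it; the parameters p = 23, q = 11, the private exponents and the digest value are constructed toy values, far too small for real use.

```python
from itertools import product

# Constructed toy group: q = 11 divides p - 1 = 22, and 2 has order 11 mod 23.
P, Q, G = 23, 11, 2

def sign(x, h, k):
    """Textbook DSA signing of digest h under private key x with nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another nonce")
    return r, s

def verify(pub, h, sig):
    """Textbook DSA verification; pub = (p, q, g, y). Returns True/False only."""
    p, q, g, y = pub
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = h * w % q, r * w % q
    # The outer "% q" collapses many subgroup elements onto the same r,
    # so more than one exponent u1 + x*u2 satisfies the check.
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r

def alternate_keys(h, sig, original):
    """Every (pub', x') in the same group, other than original, that verifies sig."""
    found = []
    for j, x in product(range(1, Q), repeat=2):
        g = pow(G, j, P)                 # every generator of the order-q subgroup
        pub = (P, Q, g, pow(g, x, P))
        if pub != original and verify(pub, h, sig):
            found.append((pub, x))
    return found

def demo():
    """Sign a toy digest under key1 and enumerate other keys that verify it."""
    x1, h = 3, 4                         # private key and constructed digest
    key1 = (P, Q, G, pow(G, x1, P))      # y = 8
    sig = sign(x1, h, k=7)               # (r, s) = (2, 3)
    return key1, sig, alternate_keys(h, sig, key1)

if __name__ == "__main__":
    key1, sig, others = demo()
    print(f"key1 y={key1[3]} sig={sig} verifies: {verify(key1, 4, sig)}")
    print(f"{len(others)} other keys in the same group verify the same (r, s):")
    for pub, x in others:
        print(f"  g'={pub[2]:2d} y'={pub[3]:2d} (x'={x})")
```

At real parameter sizes this exhaustive search is infeasible and a random second key fails, but a key can still be chosen deliberately to satisfy the equation for a given (r, s), the long-known duplicate-signature key selection property of DSA, so the "Verified OK" result is not an OpenSSL bug. The usual countermeasure is to include the signer's public key or certificate in what is hashed and signed, so the digest depends on the key being chosen.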