On Tue, Sep 27, 2016, 02:44 Georgi Guninski <guninski@guninski.com> wrote:
Two distinct DSA keys sign a file with the same signature. Is this a repudiation issue?

I have two distinct DSA keys k_1 and k_2, p_i are distinct 1024 bit
primes and q_i are 160 bit primes (easily can be made larger).
The other parameters of the keys are distinct, counting congruences.

On openssl 1.0.1t they produce exactly the same signature on a file:

$ openssl dgst -sha1 -verify key1.pub -signature file.txt.sig file.txt ; openssl dgst -sha1 -verify key2.pub -signature file.txt.sig file.txt
Verified OK
Verified OK

In addition I created with them two valid self-signed x509 certificates.

The key owners can claim the other one made the signature,
which appears to be a crypto repudiation issue.

How to try the signatures in other scenarios?

Is this known?

Is this a theoretical weakness in openssl 1.0.1t?

Is this a bug at all?

I think the bug is that openssl is silently ignoring parameters, because I'm pretty sure what you're doing is producing and verifying sha1 hashes, not cryptographic signatures. Which means your keys aren't entering the picture at all.
I