OpenSSL: Call X509_verify_cert on a certificate with OIDs unknown to openssl

Question

I have a DS and a csca certificate that contain special OIDs from the BSI. They are:

0.4.0.127.0.7.4.1.1 ECDSA with SHA1 (BSI)
0.4.0.127.0.7.4.1.2 ECDSA with SHA224 (BSI)
0.4.0.127.0.7.4.1.3 ECDSA with SHA256 (BSI)
0.4.0.127.0.7.4.1.4 ECDSA with SHA384 (BSI)
0.4.0.127.0.7.4.1.5 ECDSA with SHA512 (BSI)

openssl does not seem to know them so when calling X509_verify_cert() I get this error:

stdin: C = DE, O = MyFooBar, OU = Document Signer, CN = foobar ds
error 7 at 0 depth lookup:certificate signature failure
28308:error:0D0C50C7:asn1 encoding routines:ASN1_item_verify:unknown signature algorithm:.\crypto\asn1\a_verify.c:159:

I am not a crypto nor an openssl expert, but I know that there are other OIDs for "ECDS with SHAxy" that are known to openssl. Would it be possible to just replace the OIDs in the certificate so that openssl applies the correct algorithms? Or this there a way to "configure" openssl and make it "learn" new OIDs? Thanks!

Chances are the answer is "no", but I'm gonna look up the details. — SEJPM, Mar 17 '17 at 12:49
Actually, asking "can I safely replace the OIDs in theory" is on-topic here while "how do I do this with $library" (as a next step?) would be on-topic on SO but off-topic here. — SEJPM, Mar 17 '17 at 12:59

score 2 · Answer 1 · answered Mar 17 '17 at 13:43

Would it be possible to just replace the OIDs in the certificate so that openssl applies the correct algorithms?

No, this would alter the certificate and thus invalidate its signature, meaning you'd get a certificate error anyways with strategy.

However, I have searched around and by the looks of it, it's a "custom" version of the normal BSI issued ECDSA identifiers.

Normally, the OID-parent issued for plain ECDSA (BSI PDF) is 0.4.0.127.0.7.1.1.4.1, which makes sense because it is sorted under "algorithms -> id-ecc -> signatures -> 1 (ECDSA-plain)" under the BSI root node. Also note how this website says that 0.4.0.127.0.7.4 is unassigned, which means somebody could indeed have just used it "as a shortcut" to the desired signature algorithms.

Now there is one authoritative other mention, somewhere in the Doc 9303 series issued by ICAO for machine-readable travel documents, however I was not able to find this definition (and indeed there were no OIDs in the document where they allegdly were and the author making this reference left no contact info in his paper).

TL;DR: Chances are that this means that plain ECDSA with SHA-X was used and so I think standard ECDSA verification is worth at least a try.

OpenSSL: Call X509_verify_cert on a certificate with OIDs unknown to openssl

1 Answers1