@mkwatson
Last active September 14, 2017 17:48
Verifying and Decrypting notes

Generate data

This is handled by AT&T, but we can replicate it for development and testing.

Generate self-signed key and certificate

Used for signing the data.

Bash command:

> openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

MD5 hash input data

Where data = "nonce=neustarfakenonce;expire=151416000000;x-up-calling-line-ID=14158186834;x-up-sub-no=123456789;x-up-sgsg-ip=107.77.214.154"

Bash Command:

> md5 -s "nonce=neustarfakenonce;expire=151416000000;x-up-calling-line-ID=14158186834;x-up-sub-no=123456789;x-up-sgsg-ip=107.77.214.154"

Output:

MD5 ("nonce=neustarfakenonce;expire=151416000000;x-up-calling-line-ID=14158186834;x-up-sub-no=123456789;x-up-sgsg-ip=107.77.214.154") = 7370e7886ca4243a6615deb97b014c4a

Encrypt data

Using the key: "FEA5C1C4F360106BDDDE64A1D39CF4F2" (this is a secret key that I generated and have only used for this; the real key should be provided by AT&T and securely stored)

And initialization vector: "973F742746A6575ED71C2BC29FE4EE97"

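Bash command (`-aes128` selects AES-128 in CBC mode, and `echo` appends a trailing newline to the plaintext before it is encrypted):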

> echo "md5sum=7370e7886ca4243a6615deb97b014c4a;nonce=neustarfakenonce;expire=151416000000;x-up-calling-line-ID=14158186834;x-up-sub-no=123456789;x-up-sgsg-ip=107.77.214.154" | openssl enc -aes128 -K FEA5C1C4F360106BDDDE64A1D39CF4F2 -iv 973F742746A6575ED71C2BC29FE4EE97 |xxd -p

Output:

342624dd08dca08e70a7ada37e4b48191231699df1828d3fcc89a29ff10c
1a6df587c38e3fc31924a25e7a7bb2b243c684d84b122b312cc311000aa4
cf6276a7192ca45f27a8bf1ffbdaab19b5211f36b3946ef815a4100acdf4
b2170b8c3ed0d743fa9d590796a56640ec79d27cb9b97dac87f0f2c2aba7
f74439206a2f6e9b3db35072e24b867a30ae50ab88d8b3ce93375525883e
7314ff3be448ef164a6a87853932cb401df0c3b5cbdaa40dbfea

Sign encrypted blob

Bash command:

> echo "342624dd08dca08e70a7ada37e4b48191231699df1828d3fcc89a29ff10c1a6df587c38e3fc31924a25e7a7bb2b243c684d84b122b312cc311000aa4cf6276a7192ca45f27a8bf1ffbdaab19b5211f36b3946ef815a4100acdf4b2170b8c3ed0d743fa9d590796a56640ec79d27cb9b97dac87f0f2c2aba7f74439206a2f6e9b3db35072e24b867a30ae50ab88d8b3ce93375525883e7314ff3be448ef164a6a87853932cb401df0c3b5cbdaa40dbfea"|openssl smime -sign -outform der -signer cert.pem -inkey key.pem -nodetach | base64

Output:

(base64-encoded signed blob)

Your output will be different, because you signed with the key you generated locally.

This is what AT&T returns to us from the header enrichment request.

What we need to do (in DN?)

Verify signature

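Bash command (`-noverify` skips validation of the signer's certificate, which is why the self-signed test certificate is accepted here; the signature is only checked against the certificate embedded in the blob):

> echo "<base64 output of the signing step>"|base64 -D|openssl smime -inform der -pk7out -verify -noverify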

Output:

342624dd08dca08e70a7ada37e4b48191231699df1828d3fcc89a29ff10c1a6df587c38e3fc31924a25e7a7bb2b243c684d84b122b312cc311000aa4cf6276a7192ca45f27a8bf1ffbdaab19b5211f36b3946ef815a4100acdf4b2170b8c3ed0d743fa9d590796a56640ec79d27cb9b97dac87f0f2c2aba7f74439206a2f6e9b3db35072e24b867a30ae50ab88d8b3ce93375525883e7314ff3be448ef164a6a87853932cb401df0c3b5cbdaa40dbfea
Verification successful

Decryption

Bash Command:

> echo "342624dd08dca08e70a7ada37e4b48191231699df1828d3fcc89a29ff10c1a6df587c38e3fc31924a25e7a7bb2b243c684d84b122b312cc311000aa4cf6276a7192ca45f27a8bf1ffbdaab19b5211f36b3946ef815a4100acdf4b2170b8c3ed0d743fa9d590796a56640ec79d27cb9b97dac87f0f2c2aba7f74439206a2f6e9b3db35072e24b867a30ae50ab88d8b3ce93375525883e7314ff3be448ef164a6a87853932cb401df0c3b5cbdaa40dbfea"|xxd -r -p|openssl enc -aes128 -K FEA5C1C4F360106BDDDE64A1D39CF4F2 -iv 973F742746A6575ED71C2BC29FE4EE97 -d

Output:

md5sum=7370e7886ca4243a6615deb97b014c4a;nonce=neustarfakenonce;expire=151416000000;x-up-calling-line-ID=14158186834;x-up-sub-no=123456789;x-up-sgsg-ip=107.77.214.154
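
The decrypted string carries an `md5sum` field computed over the rest of the data, but the steps above stop before checking it. The following is an added example, not part of the original notes: a POSIX shell check that recomputes the digest and only then extracts a field. The function names `md5_hex`, `check_payload` and `get_field` and the sample payload are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a decrypted payload of the form
#   md5sum=<32 hex chars>;<data>
# by recomputing MD5 over <data> before trusting any field in it.

md5_hex() {  # print the hex MD5 of $1 (no trailing newline is hashed)
  if command -v md5sum >/dev/null 2>&1; then
    printf '%s' "$1" | md5sum | cut -d' ' -f1    # Linux coreutils
  else
    printf '%s' "$1" | md5 -q                    # macOS md5, as used on the page
  fi
}

# check_payload PAYLOAD -> 0 digest matches, 1 mismatch, 2 malformed
check_payload() {
  case $1 in
    md5sum=*\;*) ;;
    *) return 2 ;;
  esac
  claimed=${1#md5sum=}
  claimed=${claimed%%;*}       # text between "md5sum=" and the first ";"
  data=${1#*;}                 # everything after the first ";"
  [ "${#claimed}" -eq 32 ] || return 2
  case $claimed in *[!0-9a-f]*) return 2 ;; esac
  [ "$(md5_hex "$data")" = "$claimed" ] || return 1
}

# get_field PAYLOAD NAME -> prints NAME's value, only if the digest checks out
get_field() {
  check_payload "$1" || return $?
  printf '%s\n' "${1#*;}" | tr ';' '\n' |
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# Constructed sample (not real subscriber data), built the same way as the page's.
demo_data='nonce=demo-nonce;expire=1;x-up-calling-line-ID=15555550100'
demo_payload="md5sum=$(md5_hex "$demo_data");$demo_data"
if check_payload "$demo_payload"; then
  echo "digest ok, line ID: $(get_field "$demo_payload" x-up-calling-line-ID)"
else
  echo "payload rejected" >&2
fi
```

Capture the output of the decryption command with `$(...)` before passing it to `check_payload`; command substitution strips the trailing newline that `echo` added before encryption, so the recomputed digest covers the same bytes that were hashed originally.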