
RE: RE: [iaik-jce] Netscape Certs


The JavaScript signText function gives a base64 encoded PKCS#7
SignedData-Object wrapped into a ContentInfo. The data itself is not
included in the SignedData object (corresponds to the EXPLICIT mode of
iaik.pkcs.pkcs7.SignedData(Stream)). So -- for verifying the signatures --
you must supply the data that has been transmitted outside the SignedData
object. For parsing the PKCS#7 object you may use an ASN1InputStream (for
resolving the base64 encoding) and subsequently remove the ContentInfo
wrapping with class ContentInfo(Stream) as shown in
demo.pkcs.TestContentInfo, method getSignedData(Stream).

Dieter Bratko
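
Added example, not part of the original message and not IAIK-JCE code: a Python standard-library sketch of the unwrapping described above (base64, then ContentInfo, then SignedData), reporting whether the signed content is embedded or must be supplied separately. The function names are hypothetical and the sample bytes are a constructed skeleton without signers, not real signText output.

```python
import base64

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits = count of length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the value of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_signtext(b64_text):
    """Unwrap ContentInfo -> SignedData; report whether content is embedded."""
    tag, outer, _ = read_tlv(base64.b64decode(b64_text), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    (t_oid, oid), (t_ctx, wrapped) = children(outer)[:2]
    if t_oid != 0x06 or oid != OID_SIGNED_DATA or t_ctx != 0xA0:
        raise ValueError("outer ContentInfo is not signedData")
    _, signed_data, _ = read_tlv(wrapped, 0)
    fields = children(signed_data)   # version, digestAlgorithms, contentInfo, ...
    inner = children(fields[2][1])   # inner ContentInfo: OID [, [0] content]
    return {"version": fields[0][1][0], "detached": len(inner) == 1,
            "signer_infos": len(children(fields[-1][1]))}

def tlv(tag, body=b""):
    # Short-form DER encoder, used only to build the constructed sample below.
    return bytes([tag, len(body)]) + body

def sample(content=None):
    """Constructed skeleton: version 1, no digest algorithms, no signers."""
    opt = tlv(0xA0, tlv(0x04, content)) if content is not None else b""
    sd = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31) + tlv(0x30, tlv(0x06, OID_DATA) + opt) + tlv(0x31))
    return base64.b64encode(tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, sd)))

if __name__ == "__main__":
    print(inspect_signtext(sample()))  # detached case: content must come from outside
```

This only inspects structure. When `detached` is true, signature verification still needs the externally transmitted data.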

-----Original Message-----
From: Kevin Crosbie
To: Dieter Bratko, iaik-jce@iaik.at
Subject: RE: [iaik-jce] Netscape Certs

Thank you for replying Dieter.

So, there's no real automatic way to handle this, like the way Netscape's
crypto.signText handles it.

Doing it by exporting the certificate, does that mean that the client
browser needs to do this before any transactions occur?

I posed a different question earlier and I have also seen many similar
questions on this board, about whether it is possible to take the B64 output
from crypto.signText and use SignedDataStream to obtain the original signed
data for verification.   I tried most of the suggestions, but for some
reason, I get nothing from the signed data string actually being inserted
into the SignedDataStream class or ASN1Object class, no matter how I go
about doing it.

When I decode the B64 String, I get what looks like a certificate, granted,
much of it is binary, with VeriSign strings in it.   This usually proves
invalid though.

Have you any suggestions?

Thanks a million,