Re: [iaik-jce] Problem with verifying SignedData
Hello,
PKCS#7 is not suitable for DSA because the hash value (together with the
digest algorithm identifier) is packed into a DigestInfo sequence (to work
against attacks due to digest algorithm compromise), which subsequently is
encoded and encrypted with the signer's private key. DSA, however, needs the
160 bit SHA hash (not wrapped into a DigestInfo). PKCS#7's successor CMS (we
are working on it) does not do the DigestInfo wrapping and so may also be used
for DSA. (When using CMS with RSA, the DigestInfo wrapping is performed "inside"
the RSA signature process and no longer "outside" for any algorithm
used.)
Regards,
Dieter Bratko
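The distinction Dieter describes (RSA in PKCS#7 signs a DER-encoded DigestInfo, DSA signs the bare 160-bit SHA-1 hash) can be made concrete with a small DER encoder. The following is an added example written for this archive page; it is not IAIK-JCE code and uses only the Python standard library. The OIDs for SHA-1, rsaEncryption and id-dsa are the standard registered values; the input message is constructed for the demonstration.

```python
import hashlib

# Minimal DER encoder, just enough to build the PKCS#1 v1.5 DigestInfo that a
# PKCS#7 RSA signer encrypts with its private key. (Added example, not IAIK code.)

def der_length(n: int) -> bytes:
    """Encode a DER length in short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag-length-value wrapper for a primitive or constructed element."""
    return bytes([tag]) + der_length(len(content)) + content

def der_oid(dotted: str) -> bytes:
    """Encode an OBJECT IDENTIFIER given in dotted-decimal form."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])   # last base-128 digit, high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(body))

def der_null() -> bytes:
    return b"\x05\x00"

def der_octet_string(data: bytes) -> bytes:
    return der_tlv(0x04, data)

def der_sequence(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))

OID_SHA1 = "1.3.14.3.2.26"            # sha1 (digest algorithm in the dump above)
OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
OID_DSA = "1.2.840.10040.4.1"         # id-dsa (the "dsa" digestEncryptionAlgorithm)

def sha1_digest_info(data: bytes) -> bytes:
    """DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }.
    This 35-byte structure is what PKCS#7 hands to an RSA private-key operation."""
    digest = hashlib.sha1(data).digest()
    alg_id = der_sequence(der_oid(OID_SHA1), der_null())
    return der_sequence(alg_id, der_octet_string(digest))

def dsa_sign_input(data: bytes) -> bytes:
    """DSA (FIPS 186) signs the bare 160-bit SHA-1 hash; no DigestInfo wrapping."""
    return hashlib.sha1(data).digest()

# The fixed 15-byte DigestInfo prefix for SHA-1 that precedes the 20-byte hash.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def strip_digest_info(digest_info: bytes) -> bytes:
    """Unwrap a SHA-1 DigestInfo to the raw hash; reject anything else."""
    expected_len = len(SHA1_DIGESTINFO_PREFIX) + 20
    if not digest_info.startswith(SHA1_DIGESTINFO_PREFIX) or len(digest_info) != expected_len:
        raise ValueError("not a SHA-1 DigestInfo")
    return digest_info[len(SHA1_DIGESTINFO_PREFIX):]

def signature_input(data: bytes, sig_alg_oid: str) -> bytes:
    """Select the value actually fed to the signature primitive, based on the
    SignerInfo's digestEncryptionAlgorithm, as a PKCS#7 verifier must do
    before it can treat a DSA SignerInfo differently from an RSA one."""
    if sig_alg_oid == OID_RSA_ENCRYPTION:
        return sha1_digest_info(data)
    if sig_alg_oid == OID_DSA:
        return dsa_sign_input(data)
    raise ValueError(f"unsupported digestEncryptionAlgorithm {sig_alg_oid}")

if __name__ == "__main__":
    msg = b"constructed sample content"   # constructed input, not from the thread
    print("RSA signs:", sha1_digest_info(msg).hex())
    print("DSA signs:", dsa_sign_input(msg).hex())
```

Running the block prints the two signature inputs for the same content: the RSA one is the 35-byte DigestInfo beginning with the fixed `30 21 30 09 ...` prefix, the DSA one is just the 20-byte hash. A verifier that applies the DigestInfo convention to a DSA SignerInfo (or, as in the exception below, expects an RSA public key) cannot succeed regardless of how the SignedData was built.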
-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Andreas
Siglreithmayr
Sent: Friday, 15 September 2000 12:45
To: IAIK MailingList (E-mail)
Subject: [iaik-jce] Problem with verifying SignedData
Hello,
I have a problem verifying the following SignedData object:
SEQUENCE[C][I] = 4 elements
  INTEGER = 1
  SET[C] = 1 elements
    SEQUENCE[C] = 2 elements
      OBJECT ID = SHA
      NULL = null
  SEQUENCE[C][I] = 1 elements
    OBJECT ID = PKCS#7 data
  SET[C] = 1 elements
    SEQUENCE[C] = 6 elements
      INTEGER = 1
      SEQUENCE[C] = 2 elements
        SEQUENCE[C] = 3 elements
          SET[C] = 1 elements
            SEQUENCE[C] = 2 elements
              OBJECT ID = countryName
              PrintableString = "DE"
          SET[C] = 1 elements
            SEQUENCE[C] = 2 elements
              OBJECT ID = organizationName
              PrintableString = "IXOS"
          SET[C] = 1 elements
            SEQUENCE[C] = 2 elements
              OBJECT ID = commonName
              PrintableString = "CA"
        INTEGER = 2084
      SEQUENCE[C] = 2 elements
        OBJECT ID = SHA
        NULL = null
      CONTEXTSPECIFIC[C] = [0] IMPLICIT
        SET[C] = 3 elements
          SEQUENCE[C] = 2 elements
            OBJECT ID = contentType
            SET[C] = 1 elements
              OBJECT ID = PKCS#7 data
          SEQUENCE[C] = 2 elements
            OBJECT ID = signingTime
            SET[C] = 1 elements
              UTCTime = 000915103719Z
          SEQUENCE[C] = 2 elements
            OBJECT ID = messageDigest
            SET[C] = 1 elements
              OCTET STRING = 20 bytes: B1:97:09:A4:5E...
      SEQUENCE[C] = 2 elements
        OBJECT ID = dsa
        NULL = null
      OCTET STRING = null
I verify the SignedData sd as follows:
  AlgorithmID[] algIDs = sd.getDigestAlgorithms();
  SignedData verifySD = new SignedData(bytes, algIDs);
  verifySD.decode(sd.toASN1Object());
  verifySD.verify(certs[0].getPublicKey(), 0);
Information about certs[0]:
Version: 3
Serial number: 2084
Signature algorithm: 1.2.840.10040.4.3
Issuer: CN=CA, O=IXOS, C=DE
Valid not before: Tue Aug 24 15:59:10 GMT+02:00 1999
not after: Mon Aug 24 15:59:10 GMT+02:00 2009
Subject: CN=TS00, OU=TSS, O=IXOS, C=DE
This PublicKeyInfo contains a dsa key.
Certificate Fingerprint: F8:AA:49:AD:44:BB:53:FD:E7:33:FF:A9:D4:1F:65:DC
When I try this, the following exception is thrown:
java.security.SignatureException: java.security.InvalidKeyException: No
PublicKeyInfo: java.security.InvalidKeyException: No RSA Public Key:
iaik.asn1.CodingException: ASN1: INTEGER does not support
getComponentAt(int)!
  at iaik.pkcs.pkcs7.SignerInfo.getDigest(Unknown Source)
  at iaik.pkcs.pkcs7.SignedDataStream.verify(Unknown Source)
  at dox.timestamp.test.TSSRequest.main(TSSRequest.java, Compiled Code)
But as you can see above, the public key was made with DSA.
Do you know what is wrong?
Andreas Siglreithmayr
Developer
memIQ AG
Hans-Pinsel-Strasse 9a
D-85540 Haar
Tel.: +49 (0)89 45639.325
http://www.memIQ.com
andreas.siglreithmayr@memIQ.de