
AW: [iaik-jce] Problem with verifying SignedData



Hello,

PKCS#7 is not suitable for DSA because the hash value (together with the
digest algorithm identifier) is packed into a DigestInfo sequence (to work
against attacks due to digest algorithm compromise), which subsequently is
encoded and encrypted with the signer's private key. DSA, however, needs the
160-bit SHA hash (not wrapped into a DigestInfo). PKCS#7's successor CMS (we
are working on it) does not do the DigestInfo wrapping and so may also be used
for DSA. (When using CMS with RSA, the DigestInfo wrapping is performed "inside"
the RSA signature process and no longer "outside" for any algorithm
used.)

Regards,
Dieter Bratko

-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Andreas
Siglreithmayr
Sent: Friday, 15 September 2000 12:45
To: IAIK MailingList (E-mail)
Subject: [iaik-jce] Problem with verifying SignedData


Hello,

I have a problem verifying the following SignedData-Object:

SEQUENCE[C][I] = 4 elements
  INTEGER = 1
  SET[C] = 1 elements
    SEQUENCE[C] = 2 elements
      OBJECT ID = SHA
      NULL = null
  SEQUENCE[C][I] = 1 elements
    OBJECT ID = PKCS#7 data
  SET[C] = 1 elements
    SEQUENCE[C] = 6 elements
      INTEGER = 1
      SEQUENCE[C] = 2 elements
        SEQUENCE[C] = 3 elements
          SET[C] = 1 elements
            SEQUENCE[C] = 2 elements
              OBJECT ID = countryName
              PrintableString = "DE"
          SET[C] = 1 elements
            SEQUENCE[C] = 2 elements
              OBJECT ID = organizationName
              PrintableString = "IXOS"
          SET[C] = 1 elements
            SEQUENCE[C] = 2 elements
              OBJECT ID = commonName
              PrintableString = "CA"
        INTEGER = 2084
      SEQUENCE[C] = 2 elements
        OBJECT ID = SHA
        NULL = null
      CONTEXTSPECIFIC[C] = [0] IMPLICIT
        SET[C] = 3 elements
          SEQUENCE[C] = 2 elements
            OBJECT ID = contentType
            SET[C] = 1 elements
              OBJECT ID = PKCS#7 data
          SEQUENCE[C] = 2 elements
            OBJECT ID = signingTime
            SET[C] = 1 elements
              UTCTime = 000915103719Z
          SEQUENCE[C] = 2 elements
            OBJECT ID = messageDigest
            SET[C] = 1 elements
              OCTET STRING = 20 bytes: B1:97:09:A4:5E...
      SEQUENCE[C] = 2 elements
        OBJECT ID = dsa
        NULL = null
      OCTET STRING = null



I verify the SignedData sd as follows:

AlgorithmID[] algIDs = sd.getDigestAlgorithms();      // digest algorithms listed in the SignedData
SignedData verifySD = new SignedData(bytes, algIDs);  // new SignedData over the content bytes
verifySD.decode(sd.toASN1Object());                   // decode the received structure into it
verifySD.verify(certs[0].getPublicKey(), 0);          // verify SignerInfo 0 with the signer's key

Information about cert[0]:

Version: 3
Serial number: 2084
Signature algorithm: 1.2.840.10040.4.3
Issuer: CN=CA, O=IXOS, C=DE
Valid not before: Tue Aug 24 15:59:10 GMT+02:00 1999
      not after: Mon Aug 24 15:59:10 GMT+02:00 2009
Subject: CN=TS00, OU=TSS, O=IXOS, C=DE
This PublicKeyInfo contains a dsa key.
Certificate Fingerprint: F8:AA:49:AD:44:BB:53:FD:E7:33:FF:A9:D4:1F:65:DC


As I try the following Exception is thrown:


java.security.SignatureException: java.security.InvalidKeyException: No
PublicKeyInfo: java.security.InvalidKeyException: No RSA Public Key:
iaik.asn1.CodingException: ASN1: INTEGER does not support
getComponentAt(int)!
	at iaik.pkcs.pkcs7.SignerInfo.getDigest(Unknown Source)
	at iaik.pkcs.pkcs7.SignedDataStream.verify(Unknown Source)
	at dox.timestamp.test.TSSRequest.main(TSSRequest.java, Compiled Code)


But as you can see above, the public key was made with DSA.
Do you know what is wrong?

Andreas Siglreithmayr
Developer

memIQ AG
Hans-Pinsel-Strasse 9a
D-85540 Haar
Tel.: +49 (0)89 45639.325
http://www.memIQ.com
andreas.siglreithmayr@memIQ.de


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-jce