
[iaik-jce] Problem verifying an MS Crypto API PKCS7 in IAIK.



Hi all,

I am trying to verify a PKCS7 created in MS Crypto API using the IAIK library. IAIK throws a "Certificate of signer not found" exception whenever it cannot decrypt the encrypted digest from a SignerInfo properly. The PKCS7 seems to be properly created by the MSCAPI (it can be verified in MS CAPI). Does anyone recognize or know how to solve this problem? Any help appreciated...
 
The MS CAPI program flow is as below (edited), and the resulting PKCS7 is attached to this message.
 
Thanks,
Daniel J. Sanders.
 
 
 
 
 
//main
//--------------------------------------------------------------------
// Acquire a cryptographic provider.
if(CryptAcquireContext( .....
 
 
//--------------------------------------------------------------------
// Open a certificate store.
if(hSystemStoreHandle = CertOpenStore(....
 
//--------------------------------------------------------------------
//  Find a certificate in the store. This certificate will
 if(pSignerCert = CertFindCertificateInStore(.....
 
//--------------------------------------------------------------------
//   Get and print the name of the subject of the certificate.
   if(CertGetNameString(.....

//--------------------------------------------------------------------
// Create an array of CERT_INFOs. In this case, there is a single
// recipient.
SignerCertArray[0] = pSignerCert->pCertInfo;.......
 
//--------------------------------------------------------------------
// Initialize the algorithm identifier structure.
HashAlgSize = sizeof(HashAlgorithm); etc...
 
//--------------------------------------------------------------------
//Create a timestamp and encode it. Send to SigParams
 GetSystemTime(&st);
SystemTimeToFileTime(&st, &ft);
CryptEncodeObject(MY_ENCODING_TYPE, szOID_RSA_signingTime, (LPVOID)&ft, pbAuth, &cbAuth);
 
//--------------------------------------------------------------------
// Initialize the CRYPT_SIGN_MESSAGE_PARA structure.
  etc...            
//--------------------------------------------------------------------
//  In two steps, sign and encode the message.
//  First, get the number of bytes required for the buffer
//  to hold the signed and encoded message.
if(CryptSignMessage( ...
 
//--------------------------------------------------------------------
//   Allocate memory for the required buffer.
 
if(!(pbEncodedBlob = (BYTE *)malloc(cbEncodedBlob)))
     HandleError("Memory allocation failed.");
 
//--------------------------------------------------------------------
//   Call CryptSignMessage a second time to
//   copy the signed and encoded message to the buffer.
 
if( CryptSignMessage(
//printf("The Blob  %s ",pbEncodedBlob);
//END OF SIGNING
  
 
//Set up the variables for the new message to be opened
 
//--------------------------------------------------------------------
// Initialize the CMSG_SIGNER_ENCODE_INFO structure.
  
//--------------------------------------------------------------------
// Create an array of one CMSG_SIGNER_ENCODE_INFO.
 
 
//--------------------------------------------------------------------
// Initialize the CMSG_SIGNED_ENCODE_INFO structure.
 
 
//--------------------------------------------------------------------
// Initialize the array of one CertBlob.
  
//OPEN A MESSAGE FOR ENCODING
//--------------------------------------------------------------------
if(hMsg = CryptMsgOpenToEncode(
  
//UPDATE THE MESSAGE WITH THE CertBlob
if(CryptMsgUpdate(
//--------------------------------------------------------------------
// 1st Call to function: (Get PKCS7 param is flagged)
if(CryptMsgGetParam(
    hMsg,                      // Handle to the message
    CMSG_CONTENT_PARAM,        // Parameter type
 
//Allocate memory for the required buffer.
if(!(pbSignedBlob = (BYTE *)malloc(cbSignedBlob)))
     HandleError("Memory allocation failed.");
 
//2nd Call to function: Get the PKCS7
if(CryptMsgGetParam(......
   
//--------------------------------------------------------------------
// pbSignedBlob now points to the encoded, signed content.
printf("\n%d,is THE BLOB SIZE.",cbSignedBlob);
//Write to a file.
fstream f;
f.open("c:\\amsg", ios::out|ios::binary);
f.write(pbSignedBlob,cbSignedBlob);
f.close();
//Close the file.
 
//--------------------------------------------------------------------
//Clean up after signing and encoding.
if(pSignerCert)
   CertFreeCertificateContext(pSignerCert);
if(hSystemStoreHandle)
   CertCloseStore(hSystemStoreHandle,CERT_CLOSE_STORE_FORCE_FLAG);
 
printf("This program ran to completion without error. \n");
} //  End of main
//End File
 

pkcs7.dat