Hi all,
I am trying to verify a PKCS7 created with the MS Crypto API, using the IAIK library. IAIK throws a "Certificate of signer not found" exception whenever it cannot properly decrypt the encrypted digest from a SignerInfo. The PKCS7 seems to be created properly by MS CAPI (it can be verified in MS CAPI). Does anyone recognize this problem or know how to solve it? Any help appreciated... The MS CAPI program flow is shown below (edited), and the resulting PKCS7 is attached to this message.
Thanks,
Daniel J. Sanders.
//main
//-------------------------------------------------------------------- // Acquire a cryptographic provider. if(CryptAcquireContext( ..... //--------------------------------------------------------------------
// Open a certificate store. if(hSystemStoreHandle = CertOpenStore(.... //--------------------------------------------------------------------
// Find a certificate in the store. This certificate will if(pSignerCert = CertFindCertificateInStore(..... //--------------------------------------------------------------------
// Get and print the name of the subject of the certificate. if(CertGetNameString(..... //-------------------------------------------------------------------- // Create an array of CERT_INFOs. In this case, there is a single // recipient. SignerCertArray[0] = pSignerCert->pCertInfo;....... //--------------------------------------------------------------------
// Initialize the algorithm identifier structure. HashAlgSize = sizeof(HashAlgorithm); etc... //--------------------------------------------------------------------
//Create a timestamp and encode it. Send to SigParams
GetSystemTime(&st); SystemTimeToFileTime(&st, &ft); CryptEncodeObject(MY_ENCODING_TYPE, szOID_RSA_signingTime, (LPVOID)&ft, pbAuth, &cbAuth); //--------------------------------------------------------------------
// Initialize the CRYPT_SIGN_MESSAGE_PARA structure. etc... //-------------------------------------------------------------------- // In two steps, sign and encode the message. // First, get the number of bytes required for the buffer // to hold the signed and encoded message. if(CryptSignMessage( ...
//--------------------------------------------------------------------
// Allocate memory for the required buffer. if(!(pbEncodedBlob = (BYTE
*)malloc(cbEncodedBlob)))
HandleError("Memory allocation failed."); //--------------------------------------------------------------------
// Call CryptSignMessage a second time to // copy the signed and encoded message to the buffer. if( CryptSignMessage(
//printf("The Blob %s ",pbEncodedBlob);
//END OF SIGNING //Set up the variables for the new message to be opened
//--------------------------------------------------------------------
// Initialize the CMSG_SIGNER_ENCODE_INFO structure. //-------------------------------------------------------------------- // Create an array of one CMSG_SIGNER_ENCODE_INFO. //--------------------------------------------------------------------
// Initialize the CMSG_SIGNED_ENCODE_INFO structure. //--------------------------------------------------------------------
// Initialize the array of one CertBlob. //OPEN A MESSAGE FOR ENCODING //-------------------------------------------------------------------- if(hMsg = CryptMsgOpenToEncode( //UPDATE THE MESSAGE WITH THE CertBlob if(CryptMsgUpdate( //-------------------------------------------------------------------- // 1st Call to function: (Get PKCS7 param is flagged)
if(CryptMsgGetParam(
hMsg, // Handle to the message CMSG_CONTENT_PARAM, // Parameter type //Allocate memory for the required buffer.
if(!(pbSignedBlob = (BYTE *)malloc(cbSignedBlob))) HandleError("Memory allocation failed."); //2nd Call to function: Get the PKCS7
if(CryptMsgGetParam(...... //-------------------------------------------------------------------- // pbSignedBlob now points to the encoded, signed content. printf("\n%d,is THE BLOB SIZE.",cbSignedBlob); //Write to a file.
fstream f; f.open("c:\\amsg", ios::out|ios::binary); f.write(pbSignedBlob,cbSignedBlob); f.close(); //Close the file. //--------------------------------------------------------------------
//Clean up after signing and encoding. if(pSignerCert) CertFreeCertificateContext(pSignerCert); if(hSystemStoreHandle) CertCloseStore(hSystemStoreHandle,CERT_CLOSE_STORE_FORCE_FLAG); printf("This program ran to completion without error. \n");
} // End of main //End File