
Re: [iaik-jce] PKCS#7 verification



Your ASN.1 output shows that the SignedData is wrapped into a ContentInfo.
So you first have to create a ContentInfo from the message and subsequently
call its getContent method to obtain the SignedData. Since now you cannot
use the SignedData(byte[] content, AlgorithmID[] hashAlgorithms) algorithm
for an explicit message, you yourself may calculate the hash over the
content - received by other means - for every participating hash algorithm.
Subsequently call the setMessageDigest(...) method repeatedly to set the
hash values. Now you can verify the signature, e.g. (assuming only one hash
algorithm has been used):

import java.security.MessageDigest;
import java.security.SignatureException;
import iaik.asn1.structures.AlgorithmID;
import iaik.pkcs.pkcs7.ContentInfo;
import iaik.pkcs.pkcs7.SignedData;
import iaik.pkcs.pkcs7.SignerInfo;
import iaik.x509.X509Certificate;

// calculate the hash over the content received outside the message
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(message);
byte[] digest = md.digest();
// parse the ContentInfo (pkcs7Object is the ASN1Object decoded from the message)
ContentInfo ci = new ContentInfo(pkcs7Object);
// get the SignedData from the ContentInfo
SignedData sd = (SignedData)ci.getContent();
// set the hash for the (single) digest algorithm used by the signers
sd.setMessageDigest(AlgorithmID.sha, digest);
// now verify every SignerInfo
SignerInfo[] signer_infos = sd.getSignerInfos();
for (int i = 0; i < signer_infos.length; i++) {
   try {
      // verify the signed data using the SignerInfo at index i
      X509Certificate signer_cert = sd.verify(i);
      // if the signature is OK the certificate of the signer is returned
      System.out.println("Signature OK from signer: " + signer_cert.getSubjectDN());
   } catch (SignatureException ex) {
      // if the signature is not OK a SignatureException is thrown;
      // look up the signer's certificate by issuer and serial number for the message
      System.out.println("Signature ERROR from signer: "
         + sd.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).getSubjectDN());
      ex.printStackTrace();
      System.exit(-1);
   }
}
----- Original Message -----
From: Ismael Blesa Part <iblesa@tissat.es>
To: <java-security@java.sun.com>; <iaik-jce@iaik.tu-graz.ac.at>
Sent: Thursday, July 15, 1999 12:12 PM
Subject: [iaik-jce] PKCS#7 verification


>
>   I'm trying to verify the encrypted digest in a PKCS#7 signedData
> object. But I have some problems with the format.
> I am using the IAIK JCE 2.5: http://jcewww.iaik.tu-graz.ac.at/
> I don't understand why the ASN1Object that I get from ASN1 is so small,
> and later, when I try to use it, I get an exception.
>
> What am I doing wrong?
>
>
> This is the code I have problems with:
>
> ASN1 asn1 = new ASN1(pkcs.getBytes());
> out.println("asn1:"+asn1.toString());
> ASN1Object asn1_object = asn1.toASN1Object();
> out.println("----------------------------------------------------");
> out.println("asn1_object:"+asn1_object.toString());
>
> AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
> try {
>     signed_data = new SignedData(message, algIDs);
>     out.println("obtenemos el objeto SignedData");
> } catch (NoSuchAlgorithmException ex) {
>     throw new PKCSException(ex.getMessage());
> }
>
> // get an InputStream for reading the signed content
> InputStream data = signed_data.getInputStream();
> ByteArrayOutputStream os = new ByteArrayOutputStream();
> StreamCopier sc = new StreamCopier(data, os);
> sc.copyStream();
>
> try {
>     signed_data.decode(obj);
> } catch (PKCSParsingException pkcs) {
>     out.println("PKCSParsingException"+pkcs.toString());
> }
>
> And the output is:
>
> asn1:SEQUENCE[C] = 2 elements
>   OBJECT ID = PKCS#7 signedData
>   CONTEXTSPECIFIC[C] = [0] EXPLICIT
>     SEQUENCE[C] = 5 elements
>       INTEGER = 1
>       SET[C] = 1 elements
>         SEQUENCE[C] = 2 elements
>           OBJECT ID = SHA
>           NULL = null
>       SEQUENCE[C] = 1 elements
>         OBJECT ID = PKCS#7 data
>       CONTEXTSPECIFIC[C] = [0] EXPLICIT
>         SEQUENCE[C] = 3 elements
>           SEQUENCE[C] = 7 elements
>             CONTEXTSPECIFIC[C] = [0] EXPLICIT
>               INTEGER = 2
>             INTEGER = 527
>             SEQUENCE[C] = 2 elements
>               OBJECT ID = md5WithRSAEncryption
>               NULL = null
>             SEQUENCE[C] = 5 elements
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = countryName
>                   PrintableString = "ES"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = stateOrProvinceName
>                   PrintableString = "Madrid"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = organizationName
>                   PrintableString = "ACE"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = organizationalUnitName
>                   PrintableString = "Clase 1"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = commonName
>                   PrintableString = "ACE Clientes1"
>             SEQUENCE[C] = 2 elements
>               UTCTime = 990121091651Z
>               UTCTime = 000121051600Z
>             SEQUENCE[C] = 7 elements
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = countryName
>                   PrintableString = "es"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = stateOrProvinceName
>                   PrintableString = "Valencia"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = localityName
>                   PrintableString = "Valencia"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = organizationName
>                   PrintableString = "Tissat"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = organizationalUnitName
>                   PrintableString = "Infomarket"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = commonName
>                   PrintableString = "Maria Angeles"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = emailAddress
>                   IA5String = "mangeles@tissat.es"
>             SEQUENCE[C] = 2 elements
>               SEQUENCE[C] = 2 elements
>                 OBJECT ID = rsaEncryption
>                 NULL = null
>               BIT STRING = 74 byte(s); 0 bit(s) not valid
>           SEQUENCE[C] = 2 elements
>             OBJECT ID = md5WithRSAEncryption
>             NULL = null
>           BIT STRING = 128 byte(s); 0 bit(s) not valid
>       SET[C] = 1 elements
>         SEQUENCE[C] = 6 elements
>           INTEGER = 1
>           SEQUENCE[C] = 2 elements
>             SEQUENCE[C] = 5 elements
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = countryName
>                   PrintableString = "ES"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = stateOrProvinceName
>                   PrintableString = "Madrid"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = organizationName
>                   PrintableString = "ACE"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = organizationalUnitName
>                   PrintableString = "Clase 1"
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 2 elements
>                   OBJECT ID = commonName
>                   PrintableString = "ACE Clientes1"
>             INTEGER = 527
>           SEQUENCE[C] = 2 elements
>             OBJECT ID = SHA
>             NULL = null
>           CONTEXTSPECIFIC[C] = [0] EXPLICIT
>             SEQUENCE[C] = 2 elements
>               OBJECT ID = contentType
>               SET[C] = 1 elements
>                 OBJECT ID = PKCS#7 data
>             SEQUENCE[C] = 2 elements
>               OBJECT ID = signingTime
>               SET[C] = 1 elements
>                 UTCTime = 990715091946Z
>             SEQUENCE[C] = 2 elements
>               OBJECT ID = symmetricCapabilities
>               SET[C] = 1 elements
>                 SEQUENCE[C] = 1 elements
>                   SEQUENCE[C] = 2 elements
>                     OBJECT ID = RC2-CBC
>                     INTEGER = 40
>             SEQUENCE[C] = 2 elements
>               OBJECT ID = messageDigest
>               SET[C] = 1 elements
>                 OCTET STRING = 20 bytes: B1:66:50:B9:70...
>           SEQUENCE[C] = 2 elements
>             OBJECT ID = rsaEncryption
>             NULL = null
>           OCTET STRING = 64 bytes: BA:D1:1E:A3:16...
>
> ----------------------------------------------------
> asn1_object:SEQUENCE[C] = 2 elements
> PKCSParsingException: iaik.pkcs.PKCSParsingException: Next ASN.1 object
> is no INTEGER!
>
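The exchange above turns on one structural point: the poster's ASN1Object is "SEQUENCE[C] = 2 elements" because it is a PKCS#7 ContentInfo (contentType OID plus a [0] EXPLICIT content), and the SignedData is the element inside that [0] tag, so decoding the outer object as SignedData fails on its first element, which is an OID rather than the INTEGER version. The following stdlib-only DER walker is an added example, not code from this thread or from IAIK; it constructs a small ContentInfo/SignedData of its own (one SHA-1 digest algorithm as in the dump, no certificates, an empty signerInfos SET), shows the unwrapping step, reports whether the content is detached, and computes the external digests that the reply passes to setMessageDigest. The OIDs and the tag values are standard; the sample bytes are constructed here.

```python
# Added example, not code from the thread or from IAIK: a stdlib-only DER walker
# that shows the structure in the poster's dump. The outer object is a PKCS#7
# ContentInfo { contentType OID, [0] EXPLICIT content }; the SignedData sits
# inside the [0] tag, so decoding the ContentInfo directly as SignedData fails
# on its first element (an OID, not the INTEGER version). Sample data below is
# constructed here and carries no certificates or signatures.
import hashlib

OID_PKCS7_DATA = "1.2.840.113549.1.7.1"
OID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2"
OID_SHA1 = "1.3.14.3.2.26"
DIGEST_NAMES = {OID_SHA1: "sha1"}  # digest OID -> hashlib name

def tlv(tag, body):
    """DER tag-length-value; the constructed samples stay below 128 bytes,
    so only the short length form is needed for encoding."""
    return bytes([tag, len(body)]) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def parse_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos
    (single-byte tags, short or long length form)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def children(body):
    """Split a constructed element's body into (tag, value) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = parse_tlv(body, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def decode_signed_data(der):
    """Decode the parts of SignedData needed here. Like the decoder in the
    thread, it insists that the first element is the INTEGER version."""
    tag, body, _ = parse_tlv(der)
    if tag != 0x30:
        raise ValueError("SignedData is not a SEQUENCE")
    elems = children(body)
    if elems[0][0] != 0x02:
        raise ValueError("Next ASN.1 object is no INTEGER!")
    version, digest_algs, eci = elems[:3]
    algs = [decode_oid(children(alg)[0][1]) for _, alg in children(digest_algs[1])]
    inner = children(eci[1])  # contentType, then OPTIONAL [0] EXPLICIT eContent
    # an absent eContent means the content was signed "externally" (detached)
    # and must be supplied by other means before any digest can be checked
    content = None
    if len(inner) > 1 and inner[1][0] == 0xA0:
        content = children(inner[1][1])[0][1]
    return {"version": int.from_bytes(version[1], "big"), "digest_algorithms": algs,
            "content_type": decode_oid(inner[0][1]), "content": content}

def decode_content_info(der):
    """Unwrap ContentInfo and pass the [0] EXPLICIT content to the SignedData decoder."""
    tag, body, _ = parse_tlv(der)
    if tag != 0x30:
        raise ValueError("ContentInfo is not a SEQUENCE")
    content_type, content = children(body)
    if decode_oid(content_type[1]) != OID_PKCS7_SIGNED_DATA:
        raise ValueError("contentType is not signedData")
    if content[0] != 0xA0:
        raise ValueError("content is not [0] EXPLICIT")
    return decode_signed_data(content[1])

def external_digests(signed_data, message):
    """For a detached SignedData, hash the externally received content with each
    listed digest algorithm; these are the values passed to setMessageDigest."""
    return {a: hashlib.new(DIGEST_NAMES[a], message).hexdigest()
            for a in signed_data["digest_algorithms"]}

def build_sample(detached=True, content=b"hello"):
    """Constructed ContentInfo wrapping a SignedData with one digest algorithm
    (SHA-1, as in the poster's dump), no certificates, empty signerInfos."""
    eci = encode_oid(OID_PKCS7_DATA)
    if not detached:
        eci += tlv(0xA0, tlv(0x04, content))
    sd = tlv(0x30, tlv(0x02, b"\x01")
             + tlv(0x31, tlv(0x30, encode_oid(OID_SHA1) + tlv(0x05, b"")))
             + tlv(0x30, eci) + tlv(0x31, b""))
    return tlv(0x30, encode_oid(OID_PKCS7_SIGNED_DATA) + tlv(0xA0, sd))
```

Running `decode_signed_data(build_sample())` reproduces the poster's failure mode ("Next ASN.1 object is no INTEGER!"), while `decode_content_info(build_sample())` returns the SignedData view with `content` set to `None`, which is the detached case the reply addresses: the digest over the externally received content has to be computed and handed in before the signatures can be checked. What this walker does not do is the verification itself; in the reply that is `sd.verify(i)`, and the certificate it returns is the one carried in the message, so whether that certificate chains to a trusted CA is a separate check from the signature being mathematically valid.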

