[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] Problem in constructing SignedData object



Hello,

it´s right, it is not alloed that an ASN.1 INTEGER is encoded with a missing
content field; but I suppose that´s not the problem here.

Usually a PKCS#7 content object is wrapped into a ContentInfo, so you have
to use class ContentInfo(Stream) for first removing the wrapping before
being able to parse the inherent SignedData object and verify the
signatures.

However, when doing

    ContentInfoStream cis2 = new ContentInfoStream(fis2);

    ASN1Object asn = cis2.toASN1Object();
    SignedData sData = new SignedData(asn);

you try to decode the wrapping content info with the SignedData-class which
expects a SignedData object.

Use method getContent (or getContentInputStream if the data is not included
(explicit mode; e.g. multipart/signed message)) for getting the content from
a ContentInfo (see see demo.pkcs.TestContentInfo for an example), e.g.:

SignedDataStream signedData = (SignedDataStream)cis2.getContent();

for implicit mode where the data is included (for explicit mode please look
at demo.pkcs.TestContentInfo).

Also you might not merge stream- and non-stream implementation (use
ContentInfoStream and SignedDataStream or ContentInfo and SignedData).

When dealing with S/MIME-objects it might be more convenient to immediately
use IAIK-S/MIME.

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von Hu Liang
Gesendet: Donnerstag, 29. Juni 2000 18:22
An: Ramana; iaik-jce@iaik.tu-graz.ac.at
Betreff: Re: [iaik-jce] Problem in constructing SignedData object


If you read the ASN.1 standards, an INTEGER object
cannot be null, meaning if its value encoding is
0(zero), it still has to contain a byte for zero.

Some ASN.1 encoders, VeriSign for one, encodes a 0
INTEGER object as a null value.  IAIK ASN.1 parser
does not allow this, and it should not allow this
according to the specs.

OpenSSL can parse null INTEGERS.  Use OpenSSL to do an
ASN1 text dump, then look for an INTEGER object
followed by a 0(zero) sized object.  If this is the
case, then Microsoft is not encoding the ASN.1 object
correctly.  If all INTEGERS are correct according to
the OpenSSL text dump, then my assumption is
incorrect, and I'm not sure what is wrong.

Hope this helps,
Hu

--- Ramana <ramana@vsofti.stph.net> wrote:
> Hi,
>
> I am trying to construct a SignedData object from
> the content received
> from Outlook Expressed signed mail and i am getting
> the error
>
> java.io.IOException: Next ASN.1 object is no
> INTEGER!
>         at
> iaik.asn1.DerInputStream.readInteger(Unknown Source)
>         at
> iaik.pkcs.pkcs7.SignedDataStream.decode(Unknown
> Source)
>         at
> iaik.pkcs.pkcs7.SignedDataStream.<init>(Unknown
> Source)
>         at signednew.main(signednew.java:84)
>
>
> The code i am trying to execute is
>
>         FileInputStream fis = new
> FileInputStream("enctemp.txt");
>         FileOutputStream fos = new
> FileOutputStream("temp1.txt");
>
>         byte[] bt= new byte[fis.available()];
>         fis.read(bt);
>
>        fos.write(Util.Base64Decode(bt));
>        fos.close();
>
>        FileInputStream fis2 = new
> FileInputStream("temp1.txt");
>        ContentInfoStream cis2 = new
> ContentInfoStream(fis2);
>
>       ASN1Object asn = cis2.toASN1Object();
>       SignedData sData = new SignedData(asn);  (
> Error occuring in this
> line )
>       -------
>       -------
>
>       enctemp.txt file contains the text obtained
> from signed mail
> obtained from Outlook mail.
>       The text in the file is pasted below
>
>
>
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIEWTCCAg0w
>
>
ggG3AgEBMA0GCSqGSIb3DQEBBAUAMIGsMQswCQYDVQQGEwJJTjEXMBUGA1UECBMOQW5kaHJhIFBy
>
>
YWRlc2gxEjAQBgNVBAcTCUh5ZGVyYWJhZDEkMCIGA1UEChMbVmlzdWFsU29mdCBUZWNobm9sb2dp
>
>
ZXMgTHRkMREwDwYDVQQLEwhWaVNlY3VyZTETMBEGA1UEAxMKVmlzdWFsU29mdDEiMCAGCSqGSIb3
>
>
DQEJARYTYnJrQHZzb2Z0aS5zdHBoLm5ldDAeFw0wMDA0MDExMDIyMTFaFw0wMDA3MTAxMDIyMTFa
>
>
MHYxCzAJBgNVBAYTAklOMQswCQYDVQQIEwJBcDENMAsGA1UEChMEVlNUTDERMA8GA1UECxMIVmlT
>
>
ZWN1cmUxFDASBgNVBAMTC1JhdmlrcmlzaG5hMSIwIAYJKoZIhvcNAQkBFhNicmtAdnNvZnRpLnN0
>
>
cGgubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKb7fno7hM+WW7FrX5iTXgoDlUhKrmFS3m8S
>
>
f3GEw/CRIplcuH94PLXCd3AYMzEVxb0qOKibmPm8+c/699EdV3kCAwEAATANBgkqhkiG9w0BAQQF
>
>
AANBAFX/kw5FLLSZi+UHxcBgMgqS+kJWuS0ntx047UfVKp4IDxpyYrheG00/avg1qus+Tr6JfW+F
>
>
KFY8/HsXjk/HvaYwggJEMIIB7gIBADANBgkqhkiG9w0BAQQFADCBrDELMAkGA1UEBhMCSU4xFzAV
>
>
BgNVBAgTDkFuZGhyYSBQcmFkZXNoMRIwEAYDVQQHEwlIeWRlcmFiYWQxJDAiBgNVBAoTG1Zpc3Vh
>
>
bFNvZnQgVGVjaG5vbG9naWVzIEx0ZDERMA8GA1UECxMIVmlTZWN1cmUxEzARBgNVBAMTClZpc3Vh
>
>
bFNvZnQxIjAgBgkqhkiG9w0BCQEWE2Jya0B2c29mdGkuc3RwaC5uZXQwHhcNMDAwNDAxMTAxNjEw
>
>
WhcNMDEwNDAxMTAxNjEwWjCBrDELMAkGA1UEBhMCSU4xFzAVBgNVBAgTDkFuZGhyYSBQcmFkZXNo
>
>
MRIwEAYDVQQHEwlIeWRlcmFiYWQxJDAiBgNVBAoTG1Zpc3VhbFNvZnQgVGVjaG5vbG9naWVzIEx0
>
>
ZDERMA8GA1UECxMIVmlTZWN1cmUxEzARBgNVBAMTClZpc3VhbFNvZnQxIjAgBgkqhkiG9w0BCQEW
>
>
E2Jya0B2c29mdGkuc3RwaC5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAs4kT5bA99ZkZvvg9
>
>
hQNBGG8xt8IdYj9kpvjk2x8++4kP8sRH6uGd6a6vZjerIcJKEezAXWO9jnQZ7Xxq9mklZQIDAQAB
>
>
MA0GCSqGSIb3DQEBBAUAA0EALO48prEKIH+IF9DavjdRSEb53Y2g4wEbKOC70P1YzdRKEKGVrXnY
>
>
hIwQJQGphMxVne3n0SJpEJVrrYHienqeazGCAZcwggGTAgEBMIGyMIGsMQswCQYDVQQGEwJJTjEX
>
>
MBUGA1UECBMOQW5kaHJhIFByYWRlc2gxEjAQBgNVBAcTCUh5ZGVyYWJhZDEkMCIGA1UEChMbVmlz
>
>
dWFsU29mdCBUZWNobm9sb2dpZXMgTHRkMREwDwYDVQQLEwhWaVNlY3VyZTETMBEGA1UEAxMKVmlz
>
>
dWFsU29mdDEiMCAGCSqGSIb3DQEJARYTYnJrQHZzb2Z0aS5zdHBoLm5ldAIBATAJBgUrDgMCGgUA
>
>
oH0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAwNjI0MDkyMjMz
>
>
WjAeBgkqhkiG9w0BCQ8xETAPMA0GCCqGSIb3DQMCAgEoMCMGCSqGSIb3DQEJBDEWBBQPwpnCpS/R
>
>
xOTYuabEYmz9K8wenTANBgkqhkiG9w0BAQEFAARAGpP6RvtI8jKAjsUiTD3vbHDeO98F3mjWam6V
>
>
red4bTvbBiVPrhZOGARrFD9mrhWHYI16TnIhmJHgwFl5T8wvGQAAAAAAAA==
>
>
> I am not able to resolve this error even after going
> thru documentation
> and mailing archieve.
>
> Any help would greatly help me to complete my
> project in time.
>
> I am using IAIK-JCE 2.51 version.
>
> regards,
> Ramana.
>
> --
> Mailinglist-archive at
>
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
>
> To unsubscribe send an email to listserv@iaik.at
> with the folowing content: UNSUBSCRIBE iaik-jce
>


__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce




smime.p7s