List: ms-capicom
Subject: Question for Michel
From: Antonio Massaro <amassaro () ECS ! NET>
Date: 2003-01-22 16:25:09
Hi Michel,
could you tell me more about MS JVM Java<-->CAPICOM interoperation?

My app already does everything I need with CAPICOM, but since it is made with ASP.NET
and Jscript there is that problem with dialog box not localized (only English) we
discussed some days ago. Ryan told me wrapping CAPICOM in java applet can solve.
I don't have a lot of experience with Java (just theory) and it would be also an
opportunity to do some practice. I know very well C, C++ and C# and I have Vstudio 6,
and Vstudio .NET and MSDN universal.
Could you point me to some links and samples to learn how to make a Java applet
working in the browser that calls CAPICOM?
Do you think it is possible having the tools I mentioned above?
Thank you in advance.
Antonio
----- Original Message -----
From: Michel Gallant (MVP)
To: CAPICOM@DISCUSS.MICROSOFT.COM
Sent: Wednesday, January 22, 2003 4:12 PM
Subject: Re: Verifying signatures from Capicom in Java
Hi Jose,
Standard Java only supports *raw* signed hashes, and NOT CMS/pkcs7 signatures
(which is what CAPICOM generates).
So, in your lower example:
Signature sig = Signature.getInstance("SHA1withRSA");
returns a raw signed hash (which IS accessible via capi, but not via CAPICOM).
To verify a CAPICOM-generated pkcs7 signature in Java, you will need a 3rd
party add-on to Java, such as BouncyCastle provider.
Here is an example of verifying CAPICOM-generated (or any standard) CMS-pkcs7
signature (with or without UNICODE encoding of the byte data):
http://pages.istar.ca/~neutron/javacrypto/VerifyP7s.txt
Generally, with any pkcs7 verification software, you will need to check (if data is
detached) if the data was represented as ascii or UNICODE encoded. Also, you *may*
need to reverse the hash byte order :-(
Another solution, which works, is to use MS JVM and access CAPICOM on the client
(if available) directly from Java using MS JVM Java<-->COM interop capability.
Cheers,
Jose Luis Avial wrote:
> Hi!:
>
> I'm trying to verify a signature made by Capicom in Java. For this, I use
> the next code:
>
> function Firmar(textoPlano,cert)
> {
>   // Create the required COM objects
>   var SignedData = new ActiveXObject("CAPICOM.SignedData");
>   var Signer = new ActiveXObject("CAPICOM.Signer");
>   var TimeAttribute = new ActiveXObject("CAPICOM.Attribute");
>   // Signing is only possible if a certificate has been supplied
>   if (cert != null)
>   {
>     // Set the text to sign
>     SignedData.Content = textoPlano;
>     try
>     {
>       // Set the supplied certificate as the signing certificate
>       Signer.Certificate = cert;
>       // Sign (second argument true = detached signature)
>       var szSignature = SignedData.Sign(Signer, true, CAPICOM_ENCODE_BASE64);
>     }
>     catch (e)
>     {
>       if (e.number != CAPICOM_E_CANCELLED)
>       {
>         alert("Se produjo un error cuando se intentaba firmar el texto. El error fue : " + e.description);
>         return false;
>       }
>     }
>   }
>   else
>   {
>     alert("No se ha seleccionado ningún certificado.");
>   }
>   return(szSignature);
> }
>
> The function returns the signature. When I verify the signature on the
> client side, by signedDate.verify, the result is correct
>
> But when I try to verify the signature in Java, it says that the signature
> is false. The code is:
>
> public boolean VerificarFirma(String cadena, String firma, String titular)
>     throws Exception
> {
>   FileInputStream certfis = new FileInputStream("d:/certificado.cer");
>   java.security.cert.CertificateFactory cf =
>       java.security.cert.CertificateFactory.getInstance("X.509");
>   java.security.cert.Certificate cert = cf.generateCertificate(certfis);
>
>   // Create the Signature object used to verify RSA signatures
>   Signature sig = Signature.getInstance("SHA1withRSA");
>
>   // Initialize the Signature object with the certificate
>   sig.initVerify(cert);
>
>   // Feed the Signature object the data the signature was generated for
>   byte[] A = cadena.getBytes("UnicodeLittleUnmarked");
>   byte[] B = firma.getBytes("UnicodeLittleUnmarked");
>
>   sig.update(A);
>   boolean verifies = sig.verify(B);
>   _logger.debug("Firma verificada :" + verifies);
>   return verifies;
> }
>
> I pass the string returned by the sign function directly to the method. I
> don't know which is the problem. Any idea?
>
> A lot of thanks
>
> Jose Luis Avial
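
The verification approach described in the reply above, as an added example that is not part of this thread and is not the linked VerifyP7s.txt: a detached CMS/PKCS#7 check written against the current BouncyCastle `bcpkix` API. The class name, method name and command-line arguments are hypothetical, and it assumes the signed text reached CAPICOM as a script string (UTF-16LE bytes) and that the expected signer certificate is available as a file.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;

// Hypothetical class: verifies a detached, base64-encoded CMS signature.
public class VerifyDetachedCms {
    // True only if a signer in the CMS blob matches the expected certificate
    // and its signature over `text` (encoded as UTF-16LE) verifies.
    static boolean verify(String text, String base64Cms, X509Certificate expected)
            throws Exception {
        // Assumption: the signer hashed the string as UTF-16LE without a BOM.
        byte[] content = text.getBytes(StandardCharsets.UTF_16LE);
        // The MIME decoder tolerates line breaks inside the base64 text.
        byte[] blob = Base64.getMimeDecoder().decode(base64Cms);
        // Detached signature: the content is supplied next to the CMS blob.
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(content), blob);
        X509CertificateHolder pinned = new X509CertificateHolder(expected.getEncoded());
        for (SignerInformation signer : cms.getSignerInfos().getSigners()) {
            // Verify with the certificate we expect, never with whatever
            // certificate happens to be embedded in the blob.
            if (!signer.getSID().match(pinned)) continue;
            try {
                if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(pinned)))
                    return true;
            } catch (CMSException e) {
                // Digest mismatch (e.g. wrong text encoding): not verified.
            }
        }
        return false;
    }

    // Usage: java VerifyDetachedCms <cert.cer> <signature.b64> <signed text>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        String b64 = new String(Files.readAllBytes(Paths.get(args[1])),
                StandardCharsets.US_ASCII);
        System.out.println("verified: " + verify(args[2], b64, cert));
    }
}
```

This checks the signature against one pinned certificate only; it does not build or validate a certificate chain or check revocation.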