[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-cryptoapi
Subject: R: Re: R: Re: Validate PKCS7 Signed Message.
From: "Richard RL. Louapre" <richard.louapre () DOCFLOW ! IT>
Date: 2001-09-28 16:46:43
[Download RAW message or body]
If I use CryptSignMessage to Sign Message, how can I verify it with
CryptVerifySignature ?
It turn always : NTE_BAD_SIGNATURE.
I've tried to pass little-endian order to CryptVerifySignature, but
always the same problem.
To the CryptHashData(), I pass data to sign.
I get the PublicKey to CryptImportPublicKeyInfo, and
o the CryptVerifySignature(), I pass data signed in little-endian order.
Is it true ?
-----Messaggio originale-----
Da: Patrick Dolan [mailto:Patrick_Dolan@EFUNDS.COM]
Inviato: venerd́ 28 settembre 2001 17.49
A: CryptoAPI@DISCUSS.MICROSOFT.COM
Oggetto: Re: R: Re: Validate PKCS7 Signed Message.
Richard,
One thing worth considering is that CryptVerifySignature() assumes that
the
PKCS#1 formatted digital signature is passed in little-endian order (the
bytes in the wrong order). So if you did not get the signature from
CryptSignData() you will have to reverse the byte order of the
signature.
Note, the PKCS#7 format used by CryptSignMessage() and
CryptVerifyMessageSignature() are big-endian, including the contained
PKCS#1 signature.
Patrick.
"Richard RL. Louapre"
<richard.louapre@DOCFLOW.IT>@DISCUSS.MICROSOFT.COM>
on 28/09/2001 16:30:36
Please respond to Microsoft Cryptographic API
<CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent by: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM
cc:
Subject: R: Re: Validate PKCS7 Signed Message.
I've always try with this but no success.
-----Messaggio originale-----
Da: Patrick Dolan [mailto:Patrick_Dolan@EFUNDS.COM]
Inviato: venerd́ 28 settembre 2001 16.47
A: CryptoAPI@DISCUSS.MICROSOFT.COM
Oggetto: Re: Validate PKCS7 Signed Message.
Try using CryptVerifyMessageSignature(...)
"Richard RL. Louapre"
<richard.louapre@DOCFLOW.IT>@DISCUSS.MICROSOFT.COM>
on 28/09/2001 14:13:44
Please respond to Microsoft Cryptographic API
<CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent by: Microsoft Cryptographic API <CryptoAPI@DISCUSS.MICROSOFT.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM
cc:
Subject: Validate PKCS7 Signed Message.
I try to validate an PKCS7 Signed Message, but CryptVerifySignature turn
always NTE_BAD_SIGNATURE.
If I use an other tool to verify this message, I've no problem.
I dump an signed message with CryptoAPI (CryptSignMessage) and the
other.
There is any differences :
for example, messageDigest, signingTime are not in the CryptoAPI
message.
I've try this to validate this message:
CryptAcquireContext(&hCryptProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)
hStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, 0);
CertAddEncodedCertificateToStore(hStore, X509_ASN_ENCODING,
pbCertEncoded, cbCertEncoded,
CERT_STORE_ADD_REPLACE_EXISTING, &pCertContext))
CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
&(pCertContext->pCertInfo->SubjectPublicKeyInfo),
&hCryptKey))
CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash)
CryptHashData(hHash, pbBuffer, dwBufferLen, 0)
CryptVerifySignature(hHash, pbSignature, dwSignatureLen, hCryptKey,
NULL, 0)
HELP !!
Richard LOUAPRE
Applications Developer
E-Mail : richard.louapre@docflow.it
Docflow Italia S.R.L.
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic