Re: [iaik-jce] PKCS#7 verification

Dieter Bratko (Dieter.Bratko@iaik.at)
Thu, 15 Jul 1999 16:47:05 +0200

From: "Dieter Bratko" <Dieter.Bratko@iaik.at>
To: "Ismael Blesa Part" <iblesa@tissat.es>, <java-security@java.sun.com>,
Subject: Re: [iaik-jce] PKCS#7 verification
Date: Thu, 15 Jul 1999 16:47:05 +0200


Your ASN.1 output shows that the SignedData is wrapped into a ContentInfo.
So you first have to create a ContentInfo from the message and subsequently
call its getContent method to obtain the SignedData. Since now you cannot
use the SignedData(byte[] content, AlgorithmID[] hashAlgorithms) algorithm
for an explicit message, you yourself may calculate the hash over the
content - received by other means - for any participated hash algorithm.
Subsequently call the setMessageDigest(...) method repeatedly to set the
hash values. Now you can verify the signature, e.g. (assuming only one hash
algorithm has been used):

    // calculate the hash over the content received outside the message
    MessageDigest md = java.security.MessageDigest.getInstance("SHA");
    md.update(message);
    byte[] digest = md.digest();
    // parse the ContentInfo
    ContentInfo ci = new ContentInfo(pkcs7Object);
    // get the SignedData from the ContentInfo
    SignedData sd = (SignedData)ci.getContent();
    // set the hash
    sd.setMessageDigest(AlgorithmID.sha, digest);
    // now verify
    SignerInfo[] signer_infos = sd.getSignerInfos();
    for (int i = 0; i < signer_infos.length; i++) {
      try {
        // verify the signed data using the SignerInfo at index i
        X509Certificate signer_cert = sd.verify(i);
        // if the signature is OK the certificate of the signer is returned
        System.out.println("Signature OK from signer: " + signer_cert.getSubjectDN());
      } catch (SignatureException ex) {
        // if the signature is not OK a SignatureException is thrown
        System.out.println("Signature ERROR from signer: "
            + sd.getCertificate(signer_infos[i].getIssuerAndSerialNumber()).getSubjectDN());
        ex.printStackTrace();
        System.exit(-1);
      }
    }

----- Original Message -----
From: Ismael Blesa Part <iblesa@tissat.es>
To: <java-security@java.sun.com>; <iaik-jce@iaik.tu-graz.ac.at>
Sent: Thursday, July 15, 1999 12:12 PM
Subject: [iaik-jce] PKCS#7 verification

>
> I'm trying to verify the encrypted digest in a Pkcs#7 signedData
> object. But I have some problems with the format.
> I am using the IAIK.JCE2.5 . http://jcewww.iaik.tu-graz.ac.at/
> I don't understand why the ASN1object that I get from ASN1 is so small,
> and later when I try to use it I get an exception.
>
> What am I doing wrong?
>
>
> this is the code I have problems with
>
> ASN1 asn1 = new ASN1(pkcs.getBytes());
> out.println("asn1:"+asn1.toString());
> ASN1Object asn1_object = asn1.toASN1Object();
> out.println("----------------------------------------------------");
> out.println("asn1_object:"+asn1_object.toString());
>
> AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
> try {
> signed_data = new SignedData(message, algIDs);
> out.println("obtenemos el objeto SignedData");
> } catch (NoSuchAlgorithmException ex) {
> throw new PKCSException(ex.getMessage());
> }
>
> // get an InputStream for reading the signed content
> InputStream data = signed_data.getInputStream();
> ByteArrayOutputStream os = new ByteArrayOutputStream();
> StreamCopier sc = new StreamCopier(data, os);
> sc.copyStream();
>
> try {
> signed_data.decode(obj);
> } catch (PKCSParsingException pkcs) {
> out.println("PKCSParsingException"+pkcs.toString());
> }
>
> And the output is:
>
> asn1:SEQUENCE[C] = 2 elements
> OBJECT ID = PKCS#7 signedData
> CONTEXTSPECIFIC[C] = [0] EXPLICIT
> SEQUENCE[C] = 5 elements
> INTEGER = 1
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = SHA
> NULL = null
> SEQUENCE[C] = 1 elements
> OBJECT ID = PKCS#7 data
> CONTEXTSPECIFIC[C] = [0] EXPLICIT
> SEQUENCE[C] = 3 elements
> SEQUENCE[C] = 7 elements
> CONTEXTSPECIFIC[C] = [0] EXPLICIT
> INTEGER = 2
> INTEGER = 527
> SEQUENCE[C] = 2 elements
> OBJECT ID = md5WithRSAEncryption
> NULL = null
> SEQUENCE[C] = 5 elements
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = countryName
> PrintableString = "ES"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = stateOrProvinceName
> PrintableString = "Madrid"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = organizationName
> PrintableString = "ACE"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = organizationalUnitName
> PrintableString = "Clase 1"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = commonName
> PrintableString = "ACE Clientes1"
> SEQUENCE[C] = 2 elements
> UTCTime = 990121091651Z
> UTCTime = 000121051600Z
> SEQUENCE[C] = 7 elements
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = countryName
> PrintableString = "es"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = stateOrProvinceName
> PrintableString = "Valencia"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = localityName
> PrintableString = "Valencia"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = organizationName
> PrintableString = "Tissat"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = organizationalUnitName
> PrintableString = "Infomarket"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = commonName
> PrintableString = "Maria Angeles"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = emailAddress
> IA5String = "mangeles@tissat.es"
> SEQUENCE[C] = 2 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = rsaEncryption
> NULL = null
> BIT STRING = 74 byte(s); 0 bit(s) not valid
> SEQUENCE[C] = 2 elements
> OBJECT ID = md5WithRSAEncryption
> NULL = null
> BIT STRING = 128 byte(s); 0 bit(s) not valid
> SET[C] = 1 elements
> SEQUENCE[C] = 6 elements
> INTEGER = 1
> SEQUENCE[C] = 2 elements
> SEQUENCE[C] = 5 elements
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = countryName
> PrintableString = "ES"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = stateOrProvinceName
> PrintableString = "Madrid"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = organizationName
> PrintableString = "ACE"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = organizationalUnitName
> PrintableString = "Clase 1"
> SET[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = commonName
> PrintableString = "ACE Clientes1"
> INTEGER = 527
> SEQUENCE[C] = 2 elements
> OBJECT ID = SHA
> NULL = null
> CONTEXTSPECIFIC[C] = [0] EXPLICIT
> SEQUENCE[C] = 2 elements
> OBJECT ID = contentType
> SET[C] = 1 elements
> OBJECT ID = PKCS#7 data
> SEQUENCE[C] = 2 elements
> OBJECT ID = signingTime
> SET[C] = 1 elements
> UTCTime = 990715091946Z
> SEQUENCE[C] = 2 elements
> OBJECT ID = symmetricCapabilities
> SET[C] = 1 elements
> SEQUENCE[C] = 1 elements
> SEQUENCE[C] = 2 elements
> OBJECT ID = RC2-CBC
> INTEGER = 40
> SEQUENCE[C] = 2 elements
> OBJECT ID = messageDigest
> SET[C] = 1 elements
> OCTET STRING = 20 bytes: B1:66:50:B9:70...
> SEQUENCE[C] = 2 elements
> OBJECT ID = rsaEncryption
> NULL = null
> OCTET STRING = 64 bytes: BA:D1:1E:A3:16...
>
> ----------------------------------------------------
> asn1_object:SEQUENCE[C] = 2 elements
> PKCSParsingException: iaik.pkcs.PKCSParsingException: Next ASN.1 object
> is no INTEGER!
>

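Added example (not part of the original messages and not IAIK code): a JDK-only check that tells a ContentInfo-wrapped SignedData from a bare SignedData by looking at the first element inside the outer SEQUENCE, which is the situation the reply describes. The class name Pkcs7Shape, its methods and the sample header bytes are constructed for illustration.

```java
import java.util.Arrays;

public class Pkcs7Shape {
    // Content bytes of the OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
    static final byte[] SIGNED_DATA_OID = hex("2A864886F70D010702");

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Returns the index just past the length field that starts at pos.
    // Handles short form, long form and the indefinite form (0x80).
    static int skipLength(byte[] b, int pos) {
        int first = b[pos] & 0xFF;
        return first <= 0x80 ? pos + 1 : pos + 1 + (first & 0x7F);
    }

    static String classify(byte[] b) {
        if (b.length < 4 || b[0] != 0x30) return "not a SEQUENCE";
        int p = skipLength(b, 1);              // first element inside the outer SEQUENCE
        if (p + 1 >= b.length) return "truncated";
        if (b[p] == 0x02) return "bare SignedData (starts with the INTEGER version)";
        if (b[p] != 0x06) return "unknown structure";
        int len = b[p + 1] & 0xFF;             // OID length, short form assumed
        if (len >= 0x80 || p + 2 + len > b.length) return "truncated or unsupported OID length";
        byte[] oid = Arrays.copyOfRange(b, p + 2, p + 2 + len);
        return Arrays.equals(oid, SIGNED_DATA_OID)
            ? "ContentInfo wrapping SignedData: parse ContentInfo first, then getContent()"
            : "ContentInfo with a different content type";
    }

    public static void main(String[] args) {
        // Constructed header bytes only (not complete, verifiable structures)
        byte[] wrapped = hex("308006092A864886F70D010702A0803080020101");
        byte[] bare    = hex("3080020101310B300906052B0E03021A0500");
        System.out.println(classify(wrapped));
        System.out.println(classify(bare));
    }
}
```

Running such a check before choosing the parser avoids handing a ContentInfo to a decoder that expects the SignedData version INTEGER as its first element.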