EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKCS7 Signature

Posted: 07/07/2009 03:29:27
by Miguel Bazzano (Basic support level)
Joined: 07/07/2009
Posts: 2

Hi there,

I am currently using SecureBlackBox to verify signatures produced by a third party product.

I can read, verify and access the signature certificates without any problems using the TElMessageVerifier class. The problem arises when trying to read the attributes, for example signingDescription or id-aa-ets-signerLocation.

Am I using the correct class for this? Is there another class that can read the PKCS7 signatures and correctly parse the content?

Posted: 07/07/2009 03:36:20
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

What exactly are the problems with attribute processing that you encounter?

TElMessageVerifier is a simple class for validating PKCS#7 signatures. SecureBlackbox also includes another PKCS#7-processing class, TElSignedCMSMessage, which is more complex and flexible.

Posted: 07/07/2009 04:28:36
by Miguel Bazzano (Basic support level)
Joined: 07/07/2009
Posts: 2

Thanks for your prompt answer.

The problems with the attributes are the following:

- signingDescription (OID: 1 2 840 113549 1 9 13): when I use the TElMessageVerifier.Attributes.get_Attributes method, I am missing the first two bytes of the OID (I assume that this method returns the OID for the attribute).
- Additionally, with the id-aa-ets-signerLocation (OID: 1 2 840 113549 1 9 16 2 17) I get the data in an unknown format (I get a TagID of 48, which is unknown to me); although the content seems to be there, I have some separator characters.

If I were to use the TElSignedCMSMessage, could you please provide an example of how I would go about creating a TElSignedCMSMessage object if I have a byte array with the data and another byte array with the signature in PKCS7 format?

Posted: 07/07/2009 06:20:01
by Ken Ivanov (EldoS Corp.)

SecureBlackbox represents all object identifiers in ASN.1 DER-encoded format. I.e., the 1.2.840.113549.1.9.13 OID is represented by the byte array (0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0D).

Attribute values are returned in ASN.1-encoded form as well. The ID of 48 corresponds to the SEQUENCE tag. Use the SecureBlackbox ASN.1 classes (TElASN1ConstrainedTag and TElASN1SimpleTag) to process ASN.1 data.

Please take a look at the CMSManager sample. It is a good guide to the usage of the TElSignedCMSMessage class.


