EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signing failed (error 83975)

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
Posted: 01/18/2010 18:25:14
by Cezar Botez (Priority Standard support level)
Joined: 08/28/2009
Posts: 22

It happens sporadically, once every 4 to 8 hundred documents I sign and timestamp using a certificate on a token. A second attempt to sign the document ends successfully.


SBPDF.EElPDFSecurityHandlerError: Signing failed (error 83975 )
at SBPDFSecurity.TElPDFPublicKeySecurityHandler.SignHashPKCS7(Byte[] Hash, Int32 StartIndex, Int32 Count)
at SBPDFSecurity.TElPDFPublicKeySecurityHandler.SignHash(Byte[] Hash, Int32 StartIndex, Int32 Count)
at SBPDF.TElPDFDocument.InsertActualSignatureInformation(Boolean IncrementalUpdate)
at SBPDF.TElPDFDocument.Close(Boolean Save)
at CertifyDocument.Signer.SignDocument.SignDocumentCertAuthStore(Stream stream, String permission_password) in [removed project path and source code line number here]

Is it the code for signing, the token or the fact that the document is sent to another computer for signing? If you need more information, please let me know.

Thank you,
Posted: 01/19/2010 00:30:50
by Eugene Mayevski (Team)

Please describe the problem in more details, i.e. where you take the certificate from (and via which interface), what version of Windows and .NET is used etc..

Sincerely yours
Eugene Mayevski
Posted: 01/19/2010 07:16:23
by Ken Ivanov (Team)

Error 83975 (0x14807, SB_TSP_ERROR_WRONG_NONCE) is a timestamping error returned if the server replied with a nonce that does not correspond to the one included to the client request. There are many actual reasons for this issue to occur (some buggy servers may provide wrong nonce values, the other ones incorrectly react for client requests without nonce etc.). In some cases it would be reasonable to turn on the SBTSPClient.Unit.tsoIgnoreBadNonce flag in the TElCustomTSPClient.Options flag set. In others it would make sense to assign some non-empty value to the TElCustomTSPClient.Nonce property to make a particular server understand the request.

So, besides answering Eugene's questions, can you please also specify whether you are using the same timestamping server or several different ones? Does the issue always occur with some particular timestamping server(s)?
Posted: 01/19/2010 16:58:25
by Cezar Botez (Priority Standard support level)
Joined: 08/28/2009
Posts: 22

I appreciate your quick reply.

Answered to both Eugene and Innokentiy:

Certificate stored on a iKey-2032 USB authenticator.
One single certificate on the token.
A client application streams (TCP) the PDF document to a server application that signs it with the certificate found on the token and streams it back to the client.
One single server (GlobalSign) for timestamping.

Client application: C#, .NET 3.5, console application running on XP; streams PDF documents as they get created.
Server application: C#, .NET 3.5, Windows service running on Windows 2003 Server Edition; lines-up received PDF documents in a queue, signs them, one by one (no overlapping), and sends them back to the client.
SBB 7.2

In the meantime, I moved the server application to another computer to see if this error is related to a specific environment.

Innokentiy, I will take your suggestions into consideration and change the software if nothing else works out.

Thank you,
Posted: 01/20/2010 03:27:36
by Ken Ivanov (Team)

Thank you for the details.

I have just reviewed the code and found out that Nonce is set to non-empty random value automatically. So the server seems to incorrectly react to some particular nonce values generated by SBB. Would it be possible for you to send us a dump of failing communication between the TSP client and the Globalsign server? The dump can be obtained in the following way:
1) implement the routine that dumps binary buffer to a file in the following way:
        private void DumpBinaryToFile(string path, string comment, byte[] arr, int startIndex, int count)
            FileStream f = null;
            if (File.Exists(path))
                f = new FileStream(path, FileMode.Open, FileAccess.Write);
                f.Position = f.Length;
                f = new FileStream(path, FileMode.Create);
                byte[] infostr = SBUtils.Unit.BytesOfString("[" + DateTime.Now.ToLongTimeString() + "] " + comment + "\r\n");
                f.Write(infostr, 0, infostr.Length);
                f.Write(arr, startIndex, count);

2) call this routine from the handlers of OnData and OnSendData events of TElHTTPSClient object, passing the data buffer to it.

3) delete the dump file before each signing operation. Once the issue is reproduced, please post the dump file to the Helpdesk for investigation. The dump does not contain any private or sensitive information, so you can freely share it with us.

Thank you in advance.
Posted: 02/04/2010 16:18:23
by Cezar Botez (Priority Standard support level)
Joined: 08/28/2009
Posts: 22

Changes in version 7.2.169 show a minor bug fixed: "Fixed minor client-side TSP issue causing intermittent WRONG NONCE errors". I assume it's related to the issue raised in this topic. The good news is that signing is faster than before. On the other hand, the not so good news is that I still get the error.

Downloaded .NET 7.2.169 (files still showing version 7.2.168).

Is there a work around I need to implement in order to benefit from the fix? If necessary, I can send you some dump files from the latest run.

Thank you,
Posted: 02/04/2010 23:20:52
by Ken Ivanov (Team)

Yes, the original issue (illustrated by the dump files you have sent) was fixed. It is likely that there still exists some other reason causing the issue with the same symptoms. So it would be great if you provide us with new dump files.
Posted: 02/22/2010 12:58:46
by Cezar Botez (Priority Standard support level)
Joined: 08/28/2009
Posts: 22

Good news: the error is gone. You've done a great job. And thank you for the excellent support.

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.



Topic viewed 3145 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!