EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signature Corrupted ICAO data

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
Posted: 12/06/2010 19:38:30
by David Rodriguez (Basic support level)
Joined: 12/06/2010
Posts: 2


I would like to verify a signed data inside a electronic passport. ICAO manual says that implementation follows RFC 3369.

I created a TElSignedCMSMessage object and with "open" method, I loaded the object from a stream.

.Certificates.Count is 1, as well as .SignatureCount, so both, certificate and signature are present.

But when I try x.Signatures[0].Validate I always get casvSignatureCorrupted.

I tried CSM Manager sample and I can see all the values, but it didn't show signature validation menu.

Values of signature are (CSM Manager):
Digest algorithm 0x7101
Public key algorithm 0x7FFF
Signature algorithm 0x0003
signed attribute #0: 1.2.840.113549.1.9.4

If neccesary, I may post the signed data (it's only 2Kb).

Thanks in advance.
Posted: 12/07/2010 02:15:29
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Could you please post the signed data.
Posted: 12/07/2010 02:24:43
by Ken Ivanov (EldoS Corp.)

Please also re-check that you are calling the SetLicenseKey() method and passing the evaluation license key there. Without calling SetLicenseKey() the components will give inconsistent results.

You can validate the signature in the CMSManager sample by right-clicking on a signature node and choosing the "Validate" entry in pop-up menu.
Posted: 12/07/2010 06:36:08
by David Rodriguez (Basic support level)
Joined: 12/06/2010
Posts: 2


I confirmed that SetLicenseKey is called.

In CMSManager I managed to get Validate menu and unmarking most of validation properties, it is working. I think I should dig into that code.

Here is the signed data.

[ Download ]
Posted: 12/07/2010 06:58:24
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for posting the data file.

CMSManager demo application validates your data without errors. I think the code of this demo will help you.
Posted: 12/07/2010 07:00:21
by Ken Ivanov (EldoS Corp.)

Thank you for the file.

What version of SecureBlackbox are you using? CMSManager from the latest build reports "incomplete certificate chain" validation error for me, and it is natural, as the signature only contains signer's certificate (and all the further certificates forming the chain are missing).
Posted: 12/07/2010 07:16:28
by Ken Ivanov (EldoS Corp.)

Amendment: Signature is reported as valid if complete chain validation checkbox is turned off. If it's on, an "incomplete certificate chain" error is [normally] returned.
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.



Topic viewed 1863 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!