EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signature Corrupted ICAO data

Posted: 12/06/2010 19:38:30
by David Rodriguez (Basic support level)
Joined: 12/06/2010
Posts: 2


I would like to verify a signed data inside a electronic passport. ICAO manual says that implementation follows RFC 3369.

I created a TElSignedCMSMessage object and with "open" method, I loaded the object from a stream.

.Certificates.Count is 1, as well as .SignatureCount, so both, certificate and signature are present.

But when I try x.Signatures[0].Validate I always get casvSignatureCorrupted.

I tried CSM Manager sample and I can see all the values, but it didn't show signature validation menu.

Values of signature are (CSM Manager):
Digest algorithm 0x7101
Public key algorithm 0x7FFF
Signature algorithm 0x0003
signed attribute #0: 1.2.840.113549.1.9.4

If neccesary, I may post the signed data (it's only 2Kb).

Thanks in advance.
Posted: 12/07/2010 02:15:29
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Could you please post the signed data.
Posted: 12/07/2010 02:24:43
by Ken Ivanov (Team)

Please also re-check that you are calling the SetLicenseKey() method and passing the evaluation license key there. Without calling SetLicenseKey() the components will give inconsistent results.

You can validate the signature in the CMSManager sample by right-clicking on a signature node and choosing the "Validate" entry in pop-up menu.
Posted: 12/07/2010 06:36:08
by David Rodriguez (Basic support level)
Joined: 12/06/2010
Posts: 2


I confirmed that SetLicenseKey is called.

In CMSManager I managed to get Validate menu and unmarking most of validation properties, it is working. I think I should dig into that code.

Here is the signed data.

[ Download ]
Posted: 12/07/2010 06:58:24
by Vsevolod Ievgiienko (Team)

Thank you for posting the data file.

CMSManager demo application validates your data without errors. I think the code of this demo will help you.
Posted: 12/07/2010 07:00:21
by Ken Ivanov (Team)

Thank you for the file.

What version of SecureBlackbox are you using? CMSManager from the latest build reports "incomplete certificate chain" validation error for me, and it is natural, as the signature only contains signer's certificate (and all the further certificates forming the chain are missing).
Posted: 12/07/2010 07:16:28
by Ken Ivanov (Team)

Amendment: Signature is reported as valid if complete chain validation checkbox is turned off. If it's on, an "incomplete certificate chain" error is [normally] returned.



Topic viewed 1931 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!