EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Verifying a CMS timestamp with TElMessageVerifier

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#24100
Posted: 03/14/2013 08:17:45
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

I've just stumbled upon the SBB PKI classes and tried to verify a CMS timestamp with little luck. SBB Version is 10.0.233 and the target Framework is 4.5.
This block of code tells me the digest is invalid

Code
byte[] message_bytes = Encoding.UTF8.GetBytes("test_message");
byte[] timestamp_bytes = Convert.FromBase64String(base64timestamp); // see attachment for matching base64 demo timestamp

TElMessageVerifier verifier = new TElMessageVerifier();
verifier.InputIsDigest = false;
verifier.VerificationOptions = 5;
int result = verifier.VerifyDetached(message_bytes, timestamp_bytes);

result is 8205 afterwards.

The digest was created with SHA256 OID 2.16.840.1.101.3.4.2.1

According to http://www.signature-check.de/en.html a text file containing test_message validates against the attached timestamp which would be correct.

And Ideas what I'm doing wrong?


[ Download ]
#24102
Posted: 03/14/2013 08:29:09
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Are you sure that message should be in UTF8 encoding? Its possible that another encoding is used during the signing process.
#24141
Posted: 03/18/2013 11:36:20
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

The byte array of the message doesn't change wether I switch it to ANSI or UTF-8. In the end I don't want to timestamp text messages but rather large binary files. This is just for testing purposes as I figured I'd just need some sort of byte[] to work with, be it a text file or some other binary file.

In my test environment, message_bytes is hashed with SHA256Managed and then a timestamp is produced by our TSA. They replied to me and told me, the timestamps their servers produce are according to RFC3161. It verifies with

Code
verifier.VerificationOptions = 1;


So the certificates seem to be valid. More important would be the digest so according to the documentation this is what I should use.

Code
verifier.VerificationOptions = 5;


and that one fails with 8205 for some reason.
#24147
Posted: 03/18/2013 13:09:32
by Vsevolod Ievgiienko (EldoS Corp.)

Just noticed that you use TElMessageVerifier.VerifyDetached() method to verify the signature but its not a detached one. Please try to use TElMessageVerifier.Verify() instead.
#24158
Posted: 03/19/2013 03:41:55
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

Hmm, well with TElMessageVerifier.Verify() I get a result of 0 and some binary output that at seems to contain the name of our TSA somewhere inside.

I suppose this only verifies the certificate chain and not if the timestamped hash matches the original file?

Normally there is a message file that contains some binary data and needs to be timestamped and the separate timestamp file generated by our TSA. Normally I give them a SHA256 Hash of the message file and they wrap a timestamp around that hash. The message file stays unchanged.

So when they generate a timestamp, I'd like to check if the timestamp matches the message file. I suppose a simple Verify() doesn't check that as it doesn't even get the message file in any way.
#24159
Posted: 03/19/2013 03:47:19
by Eugene Mayevski (EldoS Corp.)

The procedure you have described (pass the hash that is timestamp) doesn't look like a CMS timestamp. It can be either pure TSP (TSP protocol does timestamp the hash of the data) or maybe RFC 5544 timestamp.

So the first question to address is what standard does the procedure comply to. Once you know how the procedure is defined, you can implement the opposite procedure.


Sincerely yours
Eugene Mayevski
#24160
Posted: 03/19/2013 04:06:03
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

Some other standard is what I believe as well at this point.

I've asked them earlier last week and they told me RFC3161 is what they do.
http://www.ietf.org/rfc/rfc3161.txt sounds like TSP but I don't know that much about the whole thing.
#24161
Posted: 03/19/2013 04:10:01
by Eugene Mayevski (EldoS Corp.)

Yes, that's TSP.

Try doing the following:
1) create an instance of TElClientTSPInfo (declared in SBTSPClient namespace)
2) use its ParseCMS method to parse your data.
3) inspect various properties of the object to get information about the timestamp.


Sincerely yours
Eugene Mayevski
#24162
Posted: 03/19/2013 05:31:35
by Frank Munsberg (Standard support level)
Joined: 06/04/2009
Posts: 47

Yes, great, that worked! Thanks!
TElClientTSPInfo.HashedData holds the hashed data and .HashAlgorithm also matches. According to the docs 28932 == 0x7104 == SHA256.
Those properties somehow aren't in the documentation but I suppose that is OK.
There is a property .IgnoreBadSignature which defaults to true. Should I set that to false before calling .ParseCMS ?

So I could just load up the response timestamp and compare HashedData and HashAlgorithm.

Certificate validation of TElClientTSPInfo.Certificates probably works like in your OCSPClient demo project, right?
I'd do that in a later step as the machine that compares the hashes most likely can't check them online due to firewalls etc.
#24163
Posted: 03/19/2013 05:43:19
by Eugene Mayevski (EldoS Corp.)

Quote
Frank Munsberg wrote:
There is a property .IgnoreBadSignature which defaults to true. Should I set that to false before calling .ParseCMS ?


Yes in your case.

Quote
Frank Munsberg wrote:
Certificate validation of TElClientTSPInfo.Certificates probably works like in your OCSPClient demo project, right?


You better use TElX509CertificateValidator for validation. Do the search for this name through the samples folder (validator is used in many samples but not in all).


Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.

Reply

Statistics

Topic viewed 2141 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!