EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Exceptions with SecureBlackbox v 7.0.0.156

#32478
Posted: 03/04/2015 08:17:13
by Mikel Davalillo (Basic support level)
Joined: 03/04/2015
Posts: 2

Hi
I'm the maintainer of software which was developed with Visual Studio 2008, .NET 3.5 and SecureBlackbox.
This software reports three usual exceptions from SecureBlackbox:

1st exception:
SBCryptoProvWin32.EElWin32CryptoProviderError: Signing failed
at SBCryptoProvWin32.TElWin32CryptoProvider.SignFinal(TElCustomCryptoContext Context, Byte[]& Buffer, Int32 StartIndex, Int32& Size, TElCPParameters Params, TSBProgressFunc ProgressFunc, Object ProgressData)
at SBPublicKeyCrypto.TElRSAPublicKeyCrypto.SignFinal()
at SBPublicKeyCrypto.TElPublicKeyCrypto.InternalSignDetached()
at SBPublicKeyCrypto.TElPublicKeyCrypto.SignDetached(Byte[] InBuffer, Int32 InIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutIndex, Int32& OutSize)
at SBXMLSig.TElXMLSigner.SignRSA(Byte[] Buf, TElRSAKeyMaterial KeyMaterial, Int16 AMethod)
at SBXMLSig.TElXMLSigner.CalculateSignatureValue(Byte[] Buf)
at SBXMLSig.TElXMLSigner.Save(TElXMLDOMNode& Node)
at SignLayer.XMLSignature.XAdESSigner..ctor(XMLSignatureProperties SignatureProperties, CertificateSelector CertSelected, Stream InputObject, TElXMLDOMNode BBNode2Sign)
--- End of inner exception stack trace ---
at SignLayer.XMLSignature.XMLSigner.Sign(Stream InputObject)
at BizLayerNT.SignerService.CryptoXmlBridge.Sign(StreamReader Doc2Sign)

2nd exception:
SBCryptoProvWin32.EElWin32CryptoProviderError: Buffer too small
at SBCryptoProvWin32.TElWin32CryptoProvider.SignFinal(TElCustomCryptoContext Context, Byte[]& Buffer, Int32 StartIndex, Int32& Size, TElCPParameters Params, TSBProgressFunc ProgressFunc, Object ProgressData)
at SBPublicKeyCrypto.TElRSAPublicKeyCrypto.SignFinal()
at SBPublicKeyCrypto.TElPublicKeyCrypto.InternalSignDetached()
at SBPublicKeyCrypto.TElPublicKeyCrypto.SignDetached(Byte[] InBuffer, Int32 InIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutIndex, Int32& OutSize)
at SBXMLSig.TElXMLSigner.SignRSA(Byte[] Buf, TElRSAKeyMaterial KeyMaterial, Int16 AMethod)
at SBXMLSig.TElXMLSigner.CalculateSignatureValue(Byte[] Buf)
at SBXMLSig.TElXMLSigner.Save(TElXMLDOMNode& Node)
at SignLayer.XMLSignature.XAdESSigner..ctor(XMLSignatureProperties SignatureProperties, CertificateSelector CertSelected, Stream InputObject, TElXMLDOMNode BBNode2Sign)
--- End of inner exception stack trace ---
at SignLayer.XMLSignature.XMLSigner.Sign(Stream InputObject)
at BizLayerNT.SignerService.CryptoXmlBridge.Sign(StreamReader Doc2Sign)
--- End of inner exception stack trace ---
at BizLayerNT.SignerService.CryptoXmlBridge.Sign(StreamReader Doc2Sign)
at BizLayerNT.SignerService.SignerService.XmlSignObject(XmlDocument Doc, String Type, SignatureDescriptor SignatureDescriptor, ICryptographyProfile CertProfile)

3rd exception:
SBCryptoProvWin32.EElWin32CryptoProviderError: Signing failed
at SBCryptoProvWin32.TElWin32CryptoProvider.SignFinal(TElCustomCryptoContext Context, Byte[]& Buffer, Int32 StartIndex, Int32& Size, TElCPParameters Params, TSBProgressFunc ProgressFunc, Object ProgressData)
at SBPublicKeyCrypto.TElRSAPublicKeyCrypto.SignFinal()
at SBPublicKeyCrypto.TElPublicKeyCrypto.InternalSignDetached()
at SBPublicKeyCrypto.TElPublicKeyCrypto.SignDetached(Byte[] InBuffer, Int32 InIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutIndex, Int32& OutSize)
at SBXMLSig.TElXMLSigner.SignRSA(Byte[] Buf, TElRSAKeyMaterial KeyMaterial, Int16 AMethod)
at SBXMLSig.TElXMLSigner.CalculateSignatureValue(Byte[] Buf)
at SBXMLSig.TElXMLSigner.Save(TElXMLDOMNode& Node)
at SignLayer.XMLSignature.XAdESSigner..ctor(XMLSignatureProperties SignatureProperties, CertificateSelector CertSelected, Stream InputObject, TElXMLDOMNode BBNode2Sign)
--- End of inner exception stack trace ---
at SignLayer.XMLSignature.XMLSigner.Sign(Stream InputObject)
at BizLayerNT.SignerService.CryptoXmlBridge.Sign(StreamReader Doc2Sign)
--- End of inner exception stack trace ---
at BizLayerNT.SignerService.CryptoXmlBridge.Sign(StreamReader Doc2Sign)
at BizLayerNT.SignerService.SignerService.XmlSignObject(XmlDocument Doc, String Type, SignatureDescriptor SignatureDescriptor, ICryptographyProfile CertProfile)

Can you help me to understand the problems, because these exceptions do not always happen?

Thanks!
#32483
Posted: 03/04/2015 08:32:08
by Eugene Mayevski (EldoS Corp.)

Windows CryptoAPI fails to perform the signing operation using the certificate with a non-exportable private key. It's not possible to find the reasons for this behavior without deep investigation.

Given that your version is 6 years old, it makes sense to create a test case using version 7, ensure that the error is reproducible, and then install SecureBlackbox 12 and try the same test case with version 12. This way we will know whether the problem can be solved by upgrading the SecureBlackbox version or whether some other action is needed.


Sincerely yours
Eugene Mayevski
#32484
Posted: 03/04/2015 09:15:17
by Mikel Davalillo (Basic support level)
Joined: 03/04/2015
Posts: 2

Thank you for the reply.

The application uses an external certificate warehouse called "RedTrust":
http://www.evolium.com/certificate-lifecycle-management

If our solution uses a non-exportable private key certificate, it always fails, no? But the solution normally works fine, so I think that the application can work fine with these certificates. I hope that the certificates aren't the problem in this scenario.

In some cases, the solution doesn't create an exception but it makes an incorrect signature.

Thanks for your interest!
#32485
Posted: 03/04/2015 09:18:53
by Eugene Mayevski (EldoS Corp.)

It doesn't matter what certificate is used -- the issue is caused either by a mistake in the source code or by some CryptoAPI glitch.

The solution is not in using a certificate with a non-exportable private key. On the contrary, if the key were exportable, the problem would go away (most likely).

Let me repeat that it's hard to work on the problem with software which is 5 versions behind. We have made a number of compatibility improvements and other improvements since then, and the first step is to try the latest version. If it doesn't solve the problem, then we can try working on the issue using this latest version.


Sincerely yours
Eugene Mayevski
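
Added example, not part of the thread and not SecureBlackbox or EldoS code: a minimal repro harness for the test case suggested above, which signs repeatedly through the Windows CSP with .NET's own RSACryptoServiceProvider and verifies every signature with the public key, so both the intermittent exceptions and the silent "incorrect signature" case are counted. The thumbprint placeholder, the store location, the SHA1 hash name and the payload are assumptions; the key is assumed to be CSP-backed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignRepro
{
    // Placeholder: thumbprint of the signing certificate in CurrentUser\My.
    const string Thumbprint = "<CERT-THUMBPRINT-PLACEHOLDER>";
    const string HashName = "SHA1"; // assumption: what a legacy CSP on .NET 3.5 accepts
    const int Iterations = 1000;

    static void Main()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection found =
            store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
        store.Close();
        if (found.Count == 0) { Console.Error.WriteLine("certificate not found"); return; }

        X509Certificate2 cert = found[0];
        // The private key never leaves the CSP; only the signing call goes through it.
        RSACryptoServiceProvider priv = (RSACryptoServiceProvider)cert.PrivateKey;
        RSACryptoServiceProvider pub = (RSACryptoServiceProvider)cert.PublicKey.Key;
        byte[] data = Encoding.UTF8.GetBytes("<doc>constructed test payload</doc>");

        int ok = 0, bad = 0;
        Dictionary<string, int> errors = new Dictionary<string, int>();
        for (int i = 0; i < Iterations; i++)
        {
            try
            {
                byte[] sig = priv.SignData(data, HashName);
                // Verify before trusting the result: catches a signature that was
                // returned without an exception but does not validate.
                if (pub.VerifyData(data, HashName, sig)) ok++;
                else { bad++; Console.WriteLine("iteration {0}: signature does not verify", i); }
            }
            catch (CryptographicException ex)
            {
                int n; errors.TryGetValue(ex.Message, out n); errors[ex.Message] = n + 1;
            }
        }
        Console.WriteLine("verified={0} invalid={1}", ok, bad);
        foreach (KeyValuePair<string, int> e in errors)
            Console.WriteLine("exception x{0}: {1}", e.Value, e.Key);
    }
}
```

If failures also show up in this harness, they occur without SecureBlackbox in the call path; the same verify-after-sign check can be kept in production code so an invalid signature is never emitted.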

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
