EldoS | Feel safer!

Verifying a CAdES-BES document

#32976
Posted: 04/07/2015 07:37:09
by Gaetano Lazzo (Basic support level)
Joined: 12/02/2014
Posts: 14

Hi,
I'm trying to verify a CAdES-signed document.
My code is simply:
Code
using System.IO;
using SBMessages;   // SecureBlackbox namespace that contains TElMessageVerifier

public static MemoryStream ReadCADESSignedBuffer(MemoryStream fsIn) {
    fsIn.Seek(0, SeekOrigin.Begin);
    TElMessageVerifier emv = new TElMessageVerifier();
    MemoryStream fsOut = new MemoryStream();
    // Verify() reads the binary PKCS#7/CMS message from fsIn and writes the
    // signed content to fsOut; a non-zero result is an error code.
    int result = emv.Verify(fsIn, fsOut, 0);
    if (result != 0) return null;
    fsOut.Flush();
    fsOut.Seek(0, SeekOrigin.Begin);   // rewind so the caller can read the extracted content
    return fsOut;
}

and the result of Verify() is 8198.
The file is attached.
I've tried verifying it with some online tool and it is "ok".
What am I missing here?
Thanks in advance

Gaetano Lazzo


#32978
Posted: 04/07/2015 08:10:11
by Ken Ivanov (EldoS Corp.)

Hi Gaetano,

Thank you for contacting us.

Your message is enveloped with base64 encoding. As the TElMessageVerifier class expects binary unencoded messages on input, please decode the data prior to passing it to the Verify() or VerifyDetached() method.

You can use .NET framework's native Convert.FromBase64String() method to decode the data.

Ken
#32985
Posted: 04/07/2015 09:12:50
by Gaetano Lazzo (Basic support level)
Joined: 12/02/2014
Posts: 14

Yes, I did something like:
Code
  // Read the base64 text, decode it to the raw bytes and wrap them in a stream
  byte[] data;
  using (System.IO.StreamReader myFile = new System.IO.StreamReader(fname, Encoding.UTF8)) {
      string myString = myFile.ReadToEnd();
      data = Convert.FromBase64String(myString);
  }
  MemoryStream doc = new MemoryStream();
  doc.Write(data, 0, data.Length);
  doc.Seek(0, SeekOrigin.Begin);

  MemoryStream de_signed = ReadCADESSignedBuffer(doc);

and it worked.
Now the question is: WHEN should I do something like that? Is there a signature that I can check to see if a document is a plain CAdES or a base64-encoded CAdES?
#32989
Posted: 04/07/2015 09:35:34
by Ken Ivanov (EldoS Corp.)

Gaetano,

A well-formed PKCS#7/CAdES message always starts with a 0x30 byte. If the first byte of your candidate message is not 0x30, you can be sure that it's not a valid PKCS#7 structure - and you may assume it's a base64-encoded message and try to decode it. But in the latter case you should be prepared that it might not be a valid base64-encoded message either, and be ready to handle a relevant exception thrown by the Convert.FromBase64String() call.

Ken
#32990
Posted: 04/07/2015 10:25:02
by Gaetano Lazzo (Basic support level)
Joined: 12/02/2014
Posts: 14

Many thanks.
I ended up with this:
Code
using System;
using System.IO;
using System.Xml;

// Try to base64-decode the raw bytes; returns null when they are not valid base64.
private static MemoryStream decode64Base(byte[] b) {
    try {
        var str = System.Text.Encoding.UTF8.GetString(b);
        byte[] data = Convert.FromBase64String(str);
        return new MemoryStream(data);
    }
    catch (FormatException) {
        return null;
    }
}

public static XmlDocument DecodeCADESBES(MemoryStream m, out string error) {
    MemoryStream toConsider = null;
    // ToArray() returns exactly the bytes written; GetBuffer() may return a larger
    // internal buffer padded with zeros, which would make base64 decoding fail.
    byte[] b = m.ToArray();
    if (b.Length == 0) {
        error = "Errore decoding file";
        return null;
    }
    if (b[0] != 0x30) { // not a DER SEQUENCE tag, may be base64
        toConsider = decode64Base(b);
        if (toConsider == null) {
            error = "Errore decoding file";
            return null;
        }
        return internalDecodeCADESBES(toConsider, out error);
    }

    // first byte is 0x30, try as CAdES
    try {
        XmlDocument result = internalDecodeCADESBES(m, out error);
        if (error == null && result != null) {
            return result;
        }
    }
    catch {}

    // not a CAdES message, try as base64
    toConsider = decode64Base(b);
    if (toConsider == null) {
        error = "Errore decoding file";
        return null;
    }
    return internalDecodeCADESBES(toConsider, out error);
}


The problem was that a file that starts with 0x30 could also be a base64 file, because 0x30 is also a valid base64 character.

Many thanks.
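A stricter sniffing check for the raw-versus-base64 question discussed above, added here as an example (not code from the thread or from SecureBlackbox; written in Python so the logic is easy to follow, and it translates directly to C#). Instead of looking only at the first byte, it uses the fact that a CMS ContentInfo always begins with a SEQUENCE tag, its length encoding, and then the OBJECT IDENTIFIER tag 0x06, which is not a base64 character. The sample header bytes are constructed, not a real signature.

```python
import base64
import binascii

# Constructed sample (not a real signature): the outer header of a DER-encoded
# CMS/PKCS#7 SignedData ContentInfo: SEQUENCE tag, long-form length 0x0100,
# OID tag, OID 1.2.840.113549.1.7.2, then filler to honour the declared length.
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
SAMPLE_DER = b"\x30\x82\x01\x00" + OID_SIGNED_DATA + b"\x00" * (0x100 - len(OID_SIGNED_DATA))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)


def is_binary_cms(data: bytes) -> bool:
    """True if data starts like a binary (DER/BER) CMS ContentInfo.

    ContentInfo ::= SEQUENCE { contentType OBJECT IDENTIFIER, content [0] ... },
    so after the 0x30 tag and its length encoding the next byte must be the
    OBJECT IDENTIFIER tag 0x06. That byte is never in the base64 alphabet, so
    this is stronger than testing the first byte alone ('0' is 0x30 too).
    """
    if len(data) < 3 or data[0] != 0x30:
        return False
    length_byte = data[1]
    if length_byte <= 0x80:
        header_len = 2                          # short form, or BER indefinite (0x80)
    else:
        header_len = 2 + (length_byte & 0x7F)   # long form: that many length bytes follow
    return len(data) > header_len and data[header_len] == 0x06


def to_binary_cms(data: bytes):
    """Return (kind, binary): kind is 'der', 'base64' or 'unknown'.

    For 'base64' the input was text wrapping a binary CMS message and binary
    holds the decoded bytes, which is the form TElMessageVerifier expects.
    """
    if is_binary_cms(data):
        return "der", data
    try:
        # strip line breaks, then decode strictly: any non-alphabet byte is an error
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
    except (binascii.Error, ValueError):
        return "unknown", None
    if is_binary_cms(decoded):
        return "base64", decoded
    return "unknown", None
```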