EldoS | Feel safer!

PKCS#1 Padding

Posted: 04/17/2015 04:12:38
by Gaetano Lazzo (Basic support level)
Joined: 12/02/2014
Posts: 14

I'm using this code:
public static int PGPSign(Stream fIn, Stream fOut, TElX509Certificate firma) {
    // Sign the contents of fIn with the given certificate and write the result to fOut
    TElMessageSigner sign = new TElMessageSigner();
    TElMemoryCertStorage store = new TElMemoryCertStorage();
    store.Add(firma, true);
    sign.CertStorage = store;
    return sign.Sign(fIn, fOut);
}

to sign documents.
It is working quite well, but for some documents I've received an error from the authority who is receiving the documents.
They told me that the session key for the pkcs#7 envelope has to be 128 bits (or bytes?), while it was 127. So they asked me to ensure that PKCS#1 padding has been applied to obtain the desired key length.
Now, I'm not specifying any padding and I wonder how I should do it.
Can you help me?
Thanks in advance

Posted: 04/17/2015 04:30:19
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

PKCS#1 padding is applied internally and you should not turn it on explicitly.

Just a note: the PGPSign name is not suitable for your method, as this method generates a PKCS#7 signature, not a PGP one.

Posted: 04/17/2015 04:36:22
by Gaetano Lazzo (Basic support level)
Joined: 12/02/2014
Posts: 14

So the name of the method is wrong. But they are telling me that the PKCS#1 is not applied correctly. They have refused a couple of messages out of about 300 I've sent.
How can I prove that I'm doing right?
The technical error they have shown me is this:

Error 0xE00B0112
FACILITY= (0xFFFFE00B) F_PKCS11: PKCS#11 Subsystem
REASON= (0x112) CKR_WRAPPED_KEY_LEN_RANGE: wrapped key length out of range
PHASE ERROR DECIPHER_PHASE_ERRORS <4>: Decipher error detected

and they explained that it is about PKCS1 padding of the session key.

Posted: 04/17/2015 04:41:07
by Ken Ivanov (Team)

Hi Gaetano,

Could you please send us a couple of sample signatures (a good and a bad one) so that we could have a look inside and try to locate the issue? As Vsevolod said, SecureBlackbox applies padding automatically, but the receiving software might just be misinterpreting it. It might be possible that we could address the issue by tuning something up in the internals of SecureBlackbox.

You can post the signatures privately to the help desk. No one except you and our technical people will be able to access them.
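
Added example, not part of the thread and not SecureBlackbox code: RFC 8017 encodes the result of an RSA operation with I2OSP to exactly the modulus length, and an encoder that drops leading zero bytes produces a block one byte short whenever the result happens to start with 0x00, which is one known way to end up with 127 bytes instead of 128. Whether that is what happened here is an assumption; the key below is a constructed toy modulus (27 bytes rather than 128) and all function names are hypothetical.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes): insecure, for illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8  # modulus length in bytes (27 here, 128 for RSA-1024)

def i2osp(x: int, length: int) -> bytes:
    """RFC 8017 I2OSP: fixed-length big-endian encoding, left-padded with zeros."""
    return x.to_bytes(length, "big")

def minimal_bytes(x: int) -> bytes:
    """Faulty variant: big-endian encoding with leading zero bytes dropped."""
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")

def pkcs1_v15_pad(msg: bytes, k: int, seed: bytes) -> bytes:
    """EME-PKCS1-v1_5 block: 0x00 || 0x02 || PS (non-zero) || 0x00 || M, k bytes."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    # Deterministic non-zero filler so the demo is reproducible (real PS is random).
    stream = hashlib.shake_256(seed).digest(ps_len)
    ps = bytes(b % 255 + 1 for b in stream)
    return b"\x00\x02" + ps + b"\x00" + msg

def wrap_key(session_key: bytes, seed: bytes) -> int:
    """Raw RSA public operation on the padded block; returns the integer result."""
    em = pkcs1_v15_pad(session_key, K, seed)
    return pow(int.from_bytes(em, "big"), E, N)

def check_wrapped_length(block: bytes, k: int = K) -> bool:
    """Receiver-side check: the encoded RSA block must be exactly k bytes."""
    return len(block) == k

def survey(count: int = 300):
    """Wrap `count` constructed session keys; return (short_minimal, short_fixed)."""
    short_min = short_fixed = 0
    for i in range(count):
        seed = i.to_bytes(4, "big")
        c = wrap_key(hashlib.sha256(seed).digest()[:16], seed)
        short_min += not check_wrapped_length(minimal_bytes(c))
        short_fixed += not check_wrapped_length(i2osp(c, K))
    return short_min, short_fixed

if __name__ == "__main__":
    print("modulus bytes:", K, "short (minimal, I2OSP):", survey())
```

The same length check can be applied to the encrypted-key and signature octet strings of a good and a rejected message to see whether the rejected one is a byte shorter than the key's modulus.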
