2014 vs 2015 Direct Certificate Discovery Tool

Joseph Shook

Aug 11, 2016, 6:23:42 PM
to Direct Certificate Discovery Tool
I am testing .NET RI (base on, I also maintain the .NET RI) code against the 2014 tool and failing for the following:

  • Processing Message(s):
    • Expected message digest value: 621516b0d0f93df6eda2e4eac72fac8faf2ff2d8d1057717a5641b1e3b13cbc5 does not match the calculated message digest: 207feb6c6e42b0359e0e76c55c7eadbdc8eb033bb90236abcd580f0cfd34ee79 (org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest attribute value does not match calculated value)
Yet I can run the same tests against the 2015 tool and pass.  This is the newest code with the HSM and single use cert support but the tests are using the typical single certificate as dual-use.  
Does the 2015 site test message digest?

The other difference from previous passing .NET versions is the upgrade from the 4.5 framework to the 4.6.1 framework.  I will continue to dig but any ideas are welcome.  

Thanks
Joe

sandeep...@gmail.com

Aug 12, 2016, 9:28:27 AM
to Direct Certificate Discovery Tool
The 2015 DCDT does not check for message digest. The check was removed as part of the 2015 DCDT (v3.1) because of the move toward the use of single-use certificates (separate signing and encrypting certificates) instead of dual-use certificates (a certificate can be used for both signing and encrypting).


Thanks,

Sandeep

Joseph Shook

Aug 13, 2016, 8:55:19 AM
to Direct Certificate Discovery Tool, sandeep...@gmail.com
Thank you for the reference.

Through further investigation I resolved the problem on my end.