Verify ECC signed address data

Chris Roelofs

Apr 13, 2023, 3:59:48 AM
to eID Middleware Dev
Hi All,

We have developed an EID application in C#, reusing a lot of code from the CS/EidSamples and Tests.
For the older cards all is working fine reading data and verifying signatures with RSA.

With the newer cards I am having trouble verifying the data.

For the verification of the Identity data I found that I have to do the following to make it work.
ecDsa.VerifyData(data, signature, HashAlgorithmName.SHA384, DSASignatureFormat.Rfc3279DerSequence);

The 4th parameter does the trick here but I could not find any documentation on the requirement on the Signature format.

So far so good.
I am still stuck on the verification of the address data. I do the same concat as we do for RSA signed data, copied from the samples:
byte[] concatFiles = new byte[addressFile.Length + idSignature.Length];
Array.Copy(addressFile, 0, concatFiles, 0, addressFile.Length);
Array.Copy(idSignature, 0, concatFiles, addressFile.Length, idSignature.Length);


But the ecDsa.Verify returns false in this case.
Any help would be much appreciated.

Chris

Chris Roelofs

Apr 13, 2023, 5:18:07 AM
to eID Middleware Dev
In the meantime I found the solution, from another thread in this forum.
The fix is to derive the actual signature length from the second byte of the signature array and take the resulting number of bytes from the signature as the real signature.

So all is working fine now.

Kind regards,
Chris
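
The length-based trimming described in the reply above, as an added example that is not part of the original posts or the eID samples. DerSignature.Trim, the throwaway key and the 8 padding bytes are assumptions for illustration; the helper also accepts the one-byte long form (0x81) of the DER length, which goes beyond the second-byte case the post describes.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DerSignature
{
    // Returns only the DER SEQUENCE (tag, length, content) found at the
    // start of `raw`, dropping any bytes that follow it.
    public static byte[] Trim(byte[] raw)
    {
        if (raw == null || raw.Length < 2 || raw[0] != 0x30)
            throw new CryptographicException("Not a DER SEQUENCE");
        int header = 2;
        int contentLength = raw[1];        // short form: second byte is the length
        if (raw[1] == 0x81)                // long form with one length byte
        {
            if (raw.Length < 3)
                throw new CryptographicException("Truncated length");
            header = 3;
            contentLength = raw[2];
        }
        else if (raw[1] >= 0x80)
            throw new CryptographicException("Unsupported DER length form");
        int total = header + contentLength;
        // Never trust a declared length that points past the buffer.
        if (total > raw.Length)
            throw new CryptographicException("Declared length exceeds buffer");
        return raw.AsSpan(0, total).ToArray();
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: a throwaway P-384 key and message, not card data.
        using ECDsa ecDsa = ECDsa.Create(ECCurve.NamedCurves.nistP384);
        byte[] data = Encoding.ASCII.GetBytes("constructed sample data");
        byte[] sig = ecDsa.SignData(data, HashAlgorithmName.SHA384,
                                    DSASignatureFormat.Rfc3279DerSequence);
        // Assumption: the stored signature is longer than the DER structure.
        byte[] padded = new byte[sig.Length + 8];
        Array.Copy(sig, padded, sig.Length);
        bool ok = ecDsa.VerifyData(data, DerSignature.Trim(padded),
            HashAlgorithmName.SHA384, DSASignatureFormat.Rfc3279DerSequence);
        Console.WriteLine($"trimmed signature verifies: {ok}");
    }
}
```

The total kept is the declared content length plus the tag and length bytes, so the result is exactly one complete DER structure.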
