Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Signing with no hash OID

64 views
Skip to first unread message

Eric Boudrand

unread,
Jul 16, 2008, 4:58:32 AM7/16/08
to
Hello,

I am trying to sign data with CryptSignHash function. The arguments used are
AT_KEYEXCHANGE and CRYPT_NOHASHOID flag. Call to this function failed with
error 0x80090006 (NTE_BAD_SIGNATURE). I am using Microsoft Base Smart Card
Crypto Provider. The operating system is Windows XP Pro SP3. If I set no
flag to CrypSignHash, the call is correct. But, I would like to avoid the
hash OID in the output. I may have forgotten something. Any idea ?

One more question. What is the output format if CRYPT_NOHASHOID is set ?
Thanks for any help.

Regards.

Eric Boudrand


Mounir IDRASSI

unread,
Jul 16, 2008, 8:36:00 PM7/16/08
to
Hi Eric,

The Microsoft Base Smart Card Crypto Provider does not perform any
computation on its own. Instead, it delegates it to the card module
associated with the smart card you are using. So, the error you have comes
certainly from an issue with the card module's CardSignData function which is
not handling correctly the CRYPT_NOHASHOID flag.
I suspect that CardSignData returns an output that is invalid in this case,
or at least it doesn't have the right length, which makes the MS CSP
returning NTE_BAD_SIGNATURE because of the internal checks it performs on the
CardSignData output.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

to reach : mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)

Eric Boudrand

unread,
Jul 29, 2008, 10:57:20 AM7/29/08
to
Hi Mounir,

Your suspicion was correct. I could get an update of the manufacturer card
module. I can call now CryptSignHash with CRYPT_NOHASHOID flag without
problems. Thanks.

Regards.

Eric Boudrand


"Mounir IDRASSI" <moon...@newsgroups.nospam> a écrit dans le message de
news: 1FAD7AE1-FACB-4838...@microsoft.com...

0 new messages