- Mitch Gallant
MVP Security
<dead...@inbox.lv> wrote in message news:1143787764.9...@z34g2000cwc.googlegroups.com...
>I want to make PKCS#7 signature using CryptoAPI. As far as i
> understand, function CryptSignMessage creates PKCS#1 signature, or it
> is not so?
>
- Mitch Gallant
MVP Security
<dead...@inbox.lv> wrote in message news:1144045364.1...@i39g2000cwa.googlegroups.com...
Procedure is described schematically here:
http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/procedure_for_signing_data.asp
You could use lower-level capi functions, but better to use simplified functions unless
you really need some capabiilty not provided in simplified fns.
General info on CryptoAPI and pkcs #7:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/pkcs__7_concepts.asp
- Mitch Gallant
<dead...@inbox.lv> wrote in message news:1144048997.0...@j33g2000cwa.googlegroups.com...
Do you know any tool, that signs daata and generates PKCS#7 signatures?
Thanx,
Anna
If they use CryptoAPI directly, then they would be
similar to this sample:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/example_c_program_signing_a_message_and_verifying_a_message_signature.aspCAPICOM wraps much of the more useful signature,certs and Authenticode features of CryptoAPI.Here is an easy to use vbscript utility a few years ago: http://www.jensign.com/capicom/SignAll.txt(change the extension to .vbs if you choose to try it out).You need WSH (Windows Script Host) which is be defaultin W2k or XPSignall.vbs requires CAPICOM which you can either install andautomatically register using freely redistributable CAPICOM.I provide a page to make this install and registration trivial: http://www.jensign.com/capicom2install/(the dnld is tiny .. and is signed by Microsoft).Signall.vbs takes a few arguments: SignAll <filetosign> <outputsignedfile> [A|D] [anything]where the 3rd optionial argument is for an "Attached" or "Detached" pkcs#7signature. The 4th optionial argument (can be anything) indicates a binarypkcs#7 file (the default is to create a b64-encoded pkcs#7 signature).Note also that .NET 2 now provides almost all of the same functionality as CAPICOM 2did (including pkcs#7 generation and verification).- Mitch Gallant MVP Security<dead...@inbox.lv> wrote in message news:1144412563....@u72g2000cwu.googlegroups.com...> Thanks for info!>> Do you know any tool, that signs daata and generates PKCS#7 signatures?>> Thanx,> Anna>
d> Do you know any tool, that signs daata and generates PKCS#7 signatures?
You can check PKIBlackbox ( http://www.eldos.com/sbb/desc-pki.php ), it is
available for .NET and as an ActiveX control.
With best regards,
Eugene Mayevski
I have signed a simple text message using
signall <filename> output.p7s
that created detached signature with the certificate inside it. When I
try to verify it, using CryptoAPI VerifyMessageSignature, either .NET 2
namespace PKCS, I get the same error ASN1 bad tag value met. I cannot
understand what am I doing wrong :(
Anna
So try this:
signall.vbs <filename> output.p7s A B
which generates attached (A) sig. in binary (B) format.
Just tried .NET 2 classes .. no problems verifying either way.
Also, signall uses the most common ASCII encoding of the datain pkcs7
signatures.
So use Encoding.ASCII if you convert string to byte[].
- Mitch Gallant
<dead...@inbox.lv> wrote in message news:1144603036.2...@u72g2000cwu.googlegroups.com...
I used CryptSignMessage to created a signature and can verify successfully by
CryptVerifyMessageSignature OR CryptVerifyDetachedMessageSignature. However,
I need send the signature to a Linux box and use openssl to verify it, I used
"“openssl dgst –md5 –verify pubkey –signature signed-msg orig-msg”, but the
verification always fail. Do you have any idea or clue about what’s wrong?
For CryptSignMessage, I used RSA_MD5 for hash, the default format of
signature is DER? How can I get PEM(b64) format directly? What's the expected
format for openssl?
Thank you very much in advance!
Mary
- Mitch
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:5AFE3E47-799D-4188...@microsoft.com...
> Hi, Mitch
>
> I used CryptSignMessage to created a signature and can verify successfully by
> CryptVerifyMessageSignature OR CryptVerifyDetachedMessageSignature. However,
> I need send the signature to a Linux box and use openssl to verify it, I used
> ""openssl dgst -md5 -verify pubkey -signature signed-msg orig-msg", but the
Can openssl extract the pkcs1 signature from the pkcs7 signed msg?
I've the signed msg on Linux already, want to try it out ASAP.
Thanks a lot!
Mary
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:EDCA585E-EBCF-4AEB...@microsoft.com...
"openssl pkcs7" doesn't help.
And I tried ""openssl smime -verify -inform PEM -in signed.pem -signer
desktop-b64.cer
-content msg.txt -nointern -noverify", it gave me "RAS_verify:bad signature".
One more thing, the signer certificate is sent together with the signature,
and then the public key is extracted for "openssl dgst" cmd.
However, when I compare the public key info(on windows use "certmgr -v
desktop-b64.cer", and on linux use "openssl x509 -in desktop-b64.cer -text
-noout", I found the following difference:
On Windows:
...
SubjectPublicKeyInfo.PublicKey(BitLength:1024)
30 81 89 02 81 81 00 b1 same content follows
...
79 D8 75 E3 6E AE 3D 02 03 01 00 01
On Linux:
...
RSA Public Key:(1024 bit)
Modulus (1024 bit):
00 b1 same content follows
...
79 D8 75 E3 6E AE 3D
Exponent: 0x10001
They are same, but openssl displays more subfields in the PublickKey, right?
Many Thanks!
Mary
In fact, I only need verify the client does have the private key by signing
some data sent from Server.
Do you think I can simply use CryptSignHash, and send the signed hash to
Linux Server and use "openssl dgst -verify pubkey -md5 -signature
signed-hash"? Do I need convert the format of the signed-hash for openssl?
Thank you very much!
Mary
I've tried CryptMsgGetParam() with CMSG_Encyrpted_Digest, but still cannot
get it to work.
I even tried CryptSignHash and low level msg sign
functions(CryptMsgOpenToEncode...), and tried both MD5 hash alg and SHA1 hash
alg, still no luck.
I've also tried "openssl rsautl -verify -in signed-hash -asn1parse -inkey
pubkey -pubin -hexdump -raw" cmd, it can parse sth and print the output like:
.... prim: OBJECT :sha1
some octet string ....
But the raw data doesn't match the original msg, however, if I change to use
some othe pubkey, it'll print error. Is the verification successful for the
1st case?
Thanks a lot!
Mary
- Mitch
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:82998064-26CE-46EF...@microsoft.com...
"Fields" (required) and extensions (optional) are usually used to refer to specific (signed)
data in an X509 certificate associated with the public key (as below) that the issuer's
signature validates.
- Mitch Gallant
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:DE810C3D-9B60-4E28...@microsoft.com...
....
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:F5F63291-4E34-47E8...@microsoft.com...
(1) CryptoAPI: CryptSignHash() ; specify same hash algorithm you plan to use for verification
(2) Reverse the signature bytes you obtain (should be same size as key .. e.g. 128 bytes for 1024 bit RSA key)
(3) Verify the signature to taste in any of Java, .NET, OpenSSL (i've confirmed this works with all)
In OpenSSL, verify a pkcs1 signature (after byte reversal above) using:
openssl dgst -sha1 -verify publickey.pem -signature signedhash content.txt
Since the pkcs1 signature is ONLY the signature (not including the content) you
obviously have to pass in the content to verify hash against (which you didn't do below).
I tried this .. no problems.
e.g. for this 20 byte content: "JavaScience rocks!\r\n"
I get the following signature (b64 encoded) (using my standard VeriSign smime certificate).
This was generated using VS 2005 compiled C code using capi CryptSignHash(). Then bytes
were reversed and b64 encoded (for posting here):
TCZClK8FKjXVbJjZY20tmMAkFg7SPW8Kt/EPL5NgGgOcHCUIqocIeKxZI8dLyrE2
Vl/mD5wcl93DOLlnl9pZ0quEB9dfU0uA0n7LBRVnHTjFwYemQP9TxrtF5GQ0tLrO
MBdUog7YK3JPv3Pz09meTo1uQqgizvA4VzBouI44w7s=
The PEM public key from my VeriSign cert (that will verify this pkcs1 signature is):
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI8eJ2+1/R+LQUu3Jb0jqm1PLc
mh6k86z0qeoqS+VG141g6xx7uBKV5n64EAkrRcsnVXZznLug7+piBLkjq9312bEw
w7oT1yIHYIlgFn1WxX1dacXMfZzU5u8ayF4mQA7Wnw0f/Glv010iqLOvxI34EIep
VNBT339INw4RNnpWmQIDAQAB
-----END PUBLIC KEY-----
- Mitch Gallant
MVP Security
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:F5F63291-4E34-47E8...@microsoft.com...
In fact, I am using the example code from MSDN for CryptSignHash:
BYTE *pbBuffer= (BYTE *)"This is a random string.";
DWORD dwBufferLen = strlen((char *)pbBuffer)+1;
LPTSTR szDescription = NULL;
DWORD dwKeyType = AT_KEYEXCHANGE; //AT_SIGNATURE; , key used for the sign
ALG_ID hashAlg = CALG_SHA1; //use default alg for openssl, CALG_MD5,
...
CryptHashData(hHash, pbBuffer, dwBufferLen, 0);
...
CryptSignHash( hHash, dwKeyType, szDescription, 0, pbSignature,
&dwSigLen);
...
And I wrote the dwSigLen bytes in a file(signedhash-sha1.tmp) and worte the
bytes in reversed order to anotherfile(signed-rev-sha1.tmp) and send the
files to Linux by WinSCP. On Linux, I put same string as pbBuffer in a file
msg.txt, then I use openssl cmd:
"openssl dgst -d -verify desktop-pubkey.cer -sha1 -signature
signedhash-rev-sha1.tmp msg.txt"
The desktop-pubkey.cer is extracted using openssl from cert in PEM format
from windows.
But I got verification failure for both signedhash-rev-sha1.tmp and
signedhash-sha1.tmp.
Here is the base64 encoded blob for signedhash-rev-sha1.tmp(it's not 64
chars per line as PEM):
NaNuqemL4ldVLHrcnrtVaGduLyobtdvoGouxqWuklkHWfg46ae9pkWfVuwEjARODJtF6rf3XEiUvRtrBkrnwkXzDxUuuhbkHPopmlgykx5sOPTNxJquf2XLRC8UrZ3KUENS0yfit3HpQ+26WpPxBqTrU7msE1if1poV2AeiLfoY=
And the public key:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxJe01e3MJrgXgAePB39ihCLyN
H6nTPw5MOihIGa3CBlksZ7t1/rC1H0OWmGJXeYtiIhEm6vZEk+vsq1AphjAAVp7j
n0fz7WT7RB3eeYTle0xCtiV+SkePScKsDECyc6RNqFfRFoDwrwik6vJtK01f4aMS
n1TX/NFeedh1426uPQIDAQAB
-----END PUBLIC KEY-----
Thank you so much.
Mary
I tried your sample and had no problem verifying with openssl (after I added
terminal null to your string).
- Mitch
"maryzhang" <mary...@discussions.microsoft.com> wrote in message
news:683B2AFA-88F4-47E6...@microsoft.com...
It works now. Just becasue of the null byte :(
Thank you very very ... much!!!
Mary