CAPICOM and .NET signedCms.CheckSignature

Hello,
We have a program which is signing files with CAPICOM. Those signed files
(detachted) can't be verified by the .NET classes. I receive "Invalid
Signature".
When I watch the signedCms.certificates(0) I see the certificate but the
CheckSignature is failing.


I see that the signed file there are linebreaks after 64 characters.
When I sign the file with .NET the linebreaks are on 74 characters.

How can I verify signed files by capicom with the .NET assemblies ?

--CAPICOM code
SignedData = New CAPICOM.SignedDataClass
Signer = New CAPICOM.SignerClass

bs = BReader.ReadBytes(System.Convert.ToInt32(BReader.B aseStream.Length))

Dim h As GCHandle = GCHandle.Alloc(bs, GCHandleType.Pinned)

Dim ptr As System.IntPtr = Marshal.UnsafeAddrOfPinnedArrayElement(bs, 0)

SignedData.Content = ptr

h.Free()

Signer.Certificate = c

strSignString = SignedData.Sign(Signer, True,
CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BASE6 4)

Dim sw As New System.IO.StreamWriter(SignedFile)
sw.Write(strSignString)
sw.Close()

SignedFile.Close()
'BReader.Close()

--.NET verify code to verify the signed file
Dim bufferfile As Byte() = File.ReadAllBytes(strDataFileName)
Dim strSignedFile64 As String = File.ReadAllText(strSignedFile)
'Place signature buffer in a ContentInfo object.

Dim contentInfo As ContentInfo = New ContentInfo(bufferfile)

'Now Instantiate a SignedCms object with the ContentInfo above. Set
the detached content file upon which the signature is based.

Dim signedCms As SignedCms = New SignedCms(contentInfo, True)

'Decode buffersignature bytes into the pkcs7 object.

signedCms.Decode(Convert.FromBase64String(strSigne dFile64))

'Now check for the detached signature; the CheckSignature function
should return a 'true' value.

signedCms.CheckSignature(True)
--
Thanks,
Wim

IIRC CAPICOM and .NET X.509 support is not compatible - meaning CAPICOM is
doing something non-standard. But I can't remember the details.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:

Hello,
We have a program which is signing files with CAPICOM. Those signed
files
(detachted) can't be verified by the .NET classes. I receive "Invalid
Signature".
When I watch the signedCms.certificates(0) I see the certificate but
the
CheckSignature is failing.
I see that the signed file there are linebreaks after 64 characters.
When I sign the file with .NET the linebreaks are on 74 characters.

How can I verify signed files by capicom with the .NET assemblies ?

--CAPICOM code
SignedData = New CAPICOM.SignedDataClass
Signer = New CAPICOM.SignerClass
bs =
BReader.ReadBytes(System.Convert.ToInt32(BReader.B aseStream.Length))

Dim h As GCHandle = GCHandle.Alloc(bs, GCHandleType.Pinned)

Dim ptr As System.IntPtr =
Marshal.UnsafeAddrOfPinnedArrayElement(bs, 0)

SignedData.Content = ptr

h.Free()

Signer.Certificate = c

strSignString = SignedData.Sign(Signer, True,
CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BASE6 4)

Dim sw As New System.IO.StreamWriter(SignedFile)
sw.Write(strSignString)
sw.Close()
SignedFile.Close()
'BReader.Close()
--.NET verify code to verify the signed file
Dim bufferfile As Byte() = File.ReadAllBytes(strDataFileName)
Dim strSignedFile64 As String = File.ReadAllText(strSignedFile)
'Place signature buffer in a ContentInfo object.
Dim contentInfo As ContentInfo = New ContentInfo(bufferfile)

'Now Instantiate a SignedCms object with the ContentInfo above.
Set the detached content file upon which the signature is based.

Dim signedCms As SignedCms = New SignedCms(contentInfo, True)

'Decode buffersignature bytes into the pkcs7 object.

signedCms.Decode(Convert.FromBase64String(strSigne dFile64))

'Now check for the detached signature; the CheckSignature
function should return a 'true' value.

signedCms.CheckSignature(True)

CAPICOM requires an even byte length for the data to be signed and
will pad the data if it is uneven. Try converting what you are signing
to a Base64 string and then to a byte array (thus ensuring it is even
in length) before you send it to CAPICOM for singing. It not that
pretty but it should do the trick.

//Jonas

On 29 Nov, 11:01, Wim <W... (AT) discussions (DOT) microsoft.com> wrote:

Quote:

Hello,
We have a program which is signing files with CAPICOM. Those signed files
(detachted) can't be verified by the .NET classes. I receive "Invalid
Signature".
When I watch the signedCms.certificates(0) I see the certificate but the
CheckSignature is failing.

I see that the signed file there are linebreaks after 64 characters.
When I sign the file with .NET the linebreaks are on 74 characters.

How can I verify signed files by capicom with the .NET assemblies ?

--CAPICOM code
SignedData = New CAPICOM.SignedDataClass
Signer = New CAPICOM.SignerClass

bs = BReader.ReadBytes(System.Convert.ToInt32(BReader.B aseStream.Length))

Dim h As GCHandle = GCHandle.Alloc(bs, GCHandleType.Pinned)

Dim ptr As System.IntPtr = Marshal.UnsafeAddrOfPinnedArrayElement(bs, 0)

SignedData.Content = ptr

h.Free()

Signer.Certificate = c

strSignString = SignedData.Sign(Signer, True,
CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BASE6 4)

Dim sw As New System.IO.StreamWriter(SignedFile)
sw.Write(strSignString)
sw.Close()

SignedFile.Close()
'BReader.Close()

--.NET verify code to verify the signed file
Dim bufferfile As Byte() = File.ReadAllBytes(strDataFileName)
Dim strSignedFile64 As String = File.ReadAllText(strSignedFile)
'Place signature buffer in a ContentInfo object.

Dim contentInfo As ContentInfo = New ContentInfo(bufferfile)

'Now Instantiate a SignedCms object with the ContentInfo above. Set
the detached content file upon which the signature is based.

Dim signedCms As SignedCms = New SignedCms(contentInfo, True)

'Decode buffersignature bytes into the pkcs7 object.

signedCms.Decode(Convert.FromBase64String(strSigne dFile64))

'Now check for the detached signature; the CheckSignature function
should return a 'true' value.

signedCms.CheckSignature(True)
--
Thanks,
Wim