problem verifying XML signature
From: Marko Macek (mark_at_hermes.si)
Date: 03/31/04
Date: Wed, 31 Mar 2004 10:28:53 +0200
Hello!
I have a problem verifying a signature (attached xml) made with
Ubisignature.
I have tried verifying the signature with Microsoft SignedXml class
(framework 1.1) and it dies like this:
System.Security.Cryptography.CryptographicException: Cryptographic service provider (CSP) for this implementation generated an internal error while attempting to verify the signature.
   at System.Security.Cryptography.RSACryptoServiceProvider.VerifyHash(Byte[] rgbHash, String str, Byte[] rgbSignature)
   at System.Security.Cryptography.RSAPKCS1SignatureDeformatter.VerifySignature(Byte[] rgbHash, Byte[] rgbSignature)
   at System.Security.Cryptography.AsymmetricSignatureDeformatter.VerifySignature(HashAlgorithm hash, Byte[] rgbSignature)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
   at
I also tried to verify it using xmlsec (www.aleksey.com/xmlsec/).
The xmlsec output is:
C:\work\xmlsec>xmlsec --verify --node-xpath //*[@Id='DepositorSignature'] --trusted-der sigov-ca.crt --print-debug podpis_mm3.xml
= VERIFICATION CONTEXT
== Status: invalid
== flags: 0x00000000
== flags2: 0x00000000
== Id: "DepositorSignature"
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
== Signature Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
=== Transform: membuf-transform (href=NULL)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Public
=== key usage: 65535
=== rsa key: size = 1023
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: ""
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0
func=:file=..\src\openssl\signatures.c:line=248:obj=rsa-sha1:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match
FAIL
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "podpis_mm3.xml"
============================================================
One thing that I find odd is:
=== rsa key: size = 1023
But Ubisignature and Java (apache) implementations verify the signature
as valid.
Can anyone help? Is the signature valid or not? Where is the problem?
The CA certificate is at http://www.sigov-ca.gov.si/sigov-ca.crt
Thanks,
Mark
- text/xml attachment: podpis_mm3.xml
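The two verifiers above disagree, and the xmlsec output already narrows the question: the one Reference digest succeeded (SignedInfo References 1/1), so what fails is the final RSA-SHA1 check over the canonicalized SignedInfo, with a key xmlsec reports as 1023 bits. As an added example that is not part of this thread and not code from xmlsec, Ubisignature or the .NET framework, the Python below does that last step by hand (RSASSA-PKCS1-v1_5 with SHA-1 as in RFC 3447) and reports which of the possible failures occurred: SignatureValue of the wrong length, signature representative out of range, padding that does not decode, or a digest that differs. That distinction is what you need to tell a key-handling problem in one implementation from a genuine mismatch between what was signed and what the verifier canonicalizes. Everything in the block is constructed: the SignedInfo bytes are a stand-in modelled on the transforms listed above, and the 1023-bit key is generated with a fixed seed so the run is reproducible (never generate real keys that way). To apply it to podpis_mm3.xml you would instead feed in the modulus and exponent from ds:RSAKeyValue, the base64-decoded ds:SignatureValue, and the exact C14N bytes of SignedInfo as the verifier computed them (in the xmlsec versions I have used, --store-signatures together with --print-debug dumps them; check your build's --help).

```python
"""Hand-check an RSA-SHA1 (RSASSA-PKCS1-v1_5) SignatureValue without any CSP in the loop.
Added example for this thread; not code from xmlsec, Ubisignature or .NET."""
import hashlib
import math
import random

# DER prefix of DigestInfo for SHA-1 (RFC 3447 section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed stand-in for the canonicalized ds:SignedInfo (C14N writes empty elements as
# <x></x>). The DigestValue is a placeholder; real bytes must come from the verifier's C14N.
CANONICAL_SIGNEDINFO = (
    b'<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    b'<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>'
    b'<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>'
    b'<Reference URI=""><Transforms>'
    b'<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>'
    b'<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>'
    b'</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>'
    b'<DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue></Reference></SignedInfo>'
)

def rsa_octet_len(modulus: int) -> int:
    """k in RFC 3447: a 1023-bit modulus still needs 128 octets, and so does its signature."""
    return (modulus.bit_length() + 7) // 8

def emsa_pkcs1_v15_sha1(message: bytes, k: int) -> bytes:
    """EM = 00 || 01 || PS (0xFF bytes) || 00 || DigestInfo(SHA-1(message)), k octets long."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-1 PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_rsa_sha1(modulus: int, private_exp: int, signed_bytes: bytes) -> bytes:
    k = rsa_octet_len(modulus)
    em = int.from_bytes(emsa_pkcs1_v15_sha1(signed_bytes, k), "big")
    return pow(em, private_exp, modulus).to_bytes(k, "big")

def verify_rsa_sha1(modulus: int, exponent: int, signature: bytes, signed_bytes: bytes) -> dict:
    """Diagnostic dict rather than a bare bool, so the failure mode is visible."""
    k = rsa_octet_len(modulus)
    report = {"key_bits": modulus.bit_length(), "sig_len_ok": len(signature) == k,
              "in_range": False, "padding_ok": False, "digest_ok": False}
    if not report["sig_len_ok"]:
        return report
    s = int.from_bytes(signature, "big")
    report["in_range"] = s < modulus                     # RFC 3447 section 8.2.2, step 2
    if not report["in_range"]:
        return report
    em = pow(s, exponent, modulus).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)
    # Exactly 00 01, at least eight 0xFF bytes, 00, then DigestInfo; nothing else is accepted.
    if em[:2] != b"\x00\x01" or sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return report
    report["padding_ok"] = True
    report["digest_ok"] = em[sep + 1:] == SHA1_DIGESTINFO_PREFIX + hashlib.sha1(signed_bytes).digest()
    return report

def _is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin; fine for an example key, not a replacement for a real key generator."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c, rng):
            return c

def make_rsa_key(target_bits: int, rng: random.Random, e: int = 65537):
    """(n, e, d) with n of exactly target_bits bits, e.g. 1023 like the key xmlsec reported."""
    half = (target_bits + 1) // 2
    while True:
        p, q = _random_prime(half, rng), _random_prime(half, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == target_bits and math.gcd(e, phi) == 1:
            return n, e, pow(e, -1, phi)

def demo():
    rng = random.Random(20040331)      # fixed seed only so the example is reproducible
    n, e, d = make_rsa_key(1023, rng)
    sig = sign_rsa_sha1(n, d, CANONICAL_SIGNEDINFO)
    good = verify_rsa_sha1(n, e, sig, CANONICAL_SIGNEDINFO)
    # Same SignatureValue checked against SignedInfo that another tool serialised with <x/>:
    # padding decodes, only the digest differs, which is what "signature do not match" means.
    other_c14n = verify_rsa_sha1(n, e, sig, CANONICAL_SIGNEDINFO.replace(
        b"></CanonicalizationMethod>", b"/>", 1))
    # A corrupted SignatureValue fails earlier, before any digest is compared.
    corrupted = verify_rsa_sha1(n, e, bytes([sig[0], sig[1] ^ 0x01]) + sig[2:], CANONICAL_SIGNEDINFO)
    return n, e, sig, good, other_c14n, corrupted

if __name__ == "__main__":
    n, e, sig, good, other_c14n, corrupted = demo()
    print("modulus bits:", n.bit_length(), " signature octets:", len(sig))
    for name, r in ("good", good), ("other_c14n", other_c14n), ("corrupted", corrupted):
        print(f"{name:10s} {r}")
```

Two things this makes concrete. xmlsec's "rsa key: size = 1023" is the bit length of the modulus, while the octet length k that governs the SignatureValue and the padded block is 128 either way; RFC 3447 puts no multiple-of-eight requirement on the modulus, so a 1023-bit key is a legal PKCS#1 key even though it looks odd. On the .NET side, the CryptoAPI RSA providers document their supported key lengths in increments of 8 bits, which is why that size line is the first thing I would check against the CSP "internal error", but that is a hypothesis to test, not a diagnosis of the attached file. If the hand check on the real SignedInfo bytes comes back with padding_ok and a wrong digest, the disagreement is about canonicalization, not about the key.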