Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 12/19/03

• Next message: Ivan Medvedev [MS]: "Re: .NET CryptoAPITransform and KeyHandle interop"
• Previous message: Daniel McGloin: "Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature"
• In reply to: Pieter Philippaerts: "Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature"
• Next in thread: Daniel McGloin: "Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 18 Dec 2003 22:45:29 -0500

Note that the little-endian ordering is used for MS-specific structures
(like CryptoAPI "blobs").
Most of the standard CMS/PKCS#7 signature structures generated by
CryptoAPI and also PKCS#1 are specified as big-endian ordered.
e.g. the .NET RSAPKCSSignatureFormatter.CreateSignature
generates a PKCS#1 format signature in standard big-endian order
identical to that generated by Java

On the other hand, the MS-specific CryptoAPI blob structures store almost
all byte-sequences in little-endian order:
   e.g. seen endian comments for PRIVATEKEYBLOB:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/private_key_blobs.asp

 - Mitch Gallant
   MVP Security

"Pieter Philippaerts" <Pieter@nospam.mentalis.org> wrote in message
news:uxbIBYdxDHA.2136@TK2MSFTNGP10.phx.gbl...
> "Daniel McGloin" <dmcgloin@san.rr.com> wrote
> > Perhaps I am wrong or confused about this. So just in case, I tried
> > flipping the bytes as though it was an array of 2 byte integers - then
> > I tried this as though it was an array of 4 byte integers. But it
> > still doesn't work :(.
>
> Try reversing the array as a whole. This step is necessary to do .NET <->
> CAPI interop [.NEt is big endian, CAPI little endian], so it may be
> necessary in your case too.
>
> Regards,
> Pieter Philippaerts
> Managed SSL/TLS: http://www.mentalis.org/go.php?sl
>
>

---

• Next message: Ivan Medvedev [MS]: "Re: .NET CryptoAPITransform and KeyHandle interop"
• Previous message: Daniel McGloin: "Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature"
• In reply to: Pieter Philippaerts: "Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature"
• Next in thread: Daniel McGloin: "Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Sign w/ BSafe; Verify w/ MS Crypto; Error: Invalid Signature ... > Most of the standard CMS/PKCS#7 signature structures generated by ... handling in CryptoAPI, but anyway I don't understand, what kind of issue ... which specify how to read or write this or that structure or data ... (microsoft.public.platformsdk.security) RSA key and CryptoAPI ... key (standard PKCS#1), and I would like to work with CryptoAPI. ... my private key structure ... I wondered if CryptoAPI can work with the first one (only the pair ... How can I get the second type from the first one? ... (microsoft.public.platformsdk.security) Relationship of MS cryptoAPI and PKCS #11 ... RSA has set a standard for CryptoAPI under PKCS #11. ... MS CryptoAPI follow this standard? ... (microsoft.public.win2000.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2003-12