Re: How to make PKCS#7 signature using CryptoAPI?

You are not verifying against the correct content!
Those (and most) MSDN samples hash a string PLUS the null byte (so that it
is easy to display the recovered string using a printf (.. %s)
So, just add a null byte to your data, or change to strlen((char *)pbBuffer
and get rid of the +1 (buffer size for extra terminal null).

I tried your sample and had no problem verifying with openssl (after I added
terminal null to your string).

- Mitch

"maryzhang" <maryzhang@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:683B2AFA-88F4-47E6-BF18-9EAB14E18A55@xxxxxxxxxxxxxxxx
Mitch,

In fact, I am using the example code from MSDN for CryptSignHash:
BYTE *pbBuffer= (BYTE *)"This is a random string.";
DWORD dwBufferLen = strlen((char *)pbBuffer)+1;
LPTSTR szDescription = NULL;

DWORD dwKeyType = AT_KEYEXCHANGE; //AT_SIGNATURE; , key used for the sign
ALG_ID hashAlg = CALG_SHA1; //use default alg for openssl, CALG_MD5,
...
CryptHashData(hHash, pbBuffer, dwBufferLen, 0);
...
CryptSignHash( hHash, dwKeyType, szDescription, 0, pbSignature,
&dwSigLen);
...
And I wrote the dwSigLen bytes in a file(signedhash-sha1.tmp) and worte
the
bytes in reversed order to anotherfile(signed-rev-sha1.tmp) and send the
files to Linux by WinSCP. On Linux, I put same string as pbBuffer in a
file
msg.txt, then I use openssl cmd:
"openssl dgst -d -verify desktop-pubkey.cer -sha1 -signature
signedhash-rev-sha1.tmp msg.txt"
The desktop-pubkey.cer is extracted using openssl from cert in PEM format
from windows.
But I got verification failure for both signedhash-rev-sha1.tmp and
signedhash-sha1.tmp.

Here is the base64 encoded blob for signedhash-rev-sha1.tmp(it's not 64
chars per line as PEM):

NaNuqemL4ldVLHrcnrtVaGduLyobtdvoGouxqWuklkHWfg46ae9pkWfVuwEjARODJtF6rf3XEiUvRtrBkrnwkXzDxUuuhbkHPopmlgykx5sOPTNxJquf2XLRC8UrZ3KUENS0yfit3HpQ+26WpPxBqTrU7msE1if1poV2AeiLfoY=

And the public key:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxJe01e3MJrgXgAePB39ihCLyN
H6nTPw5MOihIGa3CBlksZ7t1/rC1H0OWmGJXeYtiIhEm6vZEk+vsq1AphjAAVp7j
n0fz7WT7RB3eeYTle0xCtiV+SkePScKsDECyc6RNqFfRFoDwrwik6vJtK01f4aMS
n1TX/NFeedh1426uPQIDAQAB
-----END PUBLIC KEY-----

Thank you so much.

Mary

"Mitch Gallant" wrote:

Send me a blob that you created with CryptSignMessage and the actual
message that you signed. It will be easier to discus this way and will
save time. I have quite a few compiled C capi snippets with many capi
functions (including CryptSignMessage). Might be a terminal string null
issue in the data that's being signed. Let me have a look.

- Mitch

"maryzhang" <maryzhang@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:82998064-26CE-46EF-AAB7-A6CD5A0D9B8E@xxxxxxxxxxxxxxxx
Mitch,

I've tried CryptMsgGetParam() with CMSG_Encyrpted_Digest, but still
cannot
get it to work.
I even tried CryptSignHash and low level msg sign
functions(CryptMsgOpenToEncode...), and tried both MD5 hash alg and
SHA1 hash
alg, still no luck.

I've also tried "openssl rsautl -verify -in
signed-hash -asn1parse -inkey
pubkey -pubin -hexdump -raw" cmd, it can parse sth and print the output
like:
.... prim: OBJECT :sha1
some octet string ....
But the raw data doesn't match the original msg, however, if I change
to use
some othe pubkey, it'll print error. Is the verification successful for
the
1st case?

Thanks a lot!

Mary

"Mitch Gallant" wrote:

OpenSSL command like you use takes a pkcs1.5 signature (i.e. the raw
encrypted hash),
not a CMS / pkcs #7 signed messages as you create with
CryptSignMessage.
You can extract the pkcs1 signature from your capi CMS signedmessage
blob using:
CryptMsgGetParam() with CMSG_Encyrpted_Digest.

- Mitch

"maryzhang" <maryzhang@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5AFE3E47-799D-4188-BD67-CFD8E1ED4A9C@xxxxxxxxxxxxxxxx
Hi, Mitch

I used CryptSignMessage to created a signature and can verify
successfully by
CryptVerifyMessageSignature OR CryptVerifyDetachedMessageSignature.
However,
I need send the signature to a Linux box and use openssl to verify
it, I used
""openssl dgst -md5 -verify pubkey -signature signed-msg orig-msg",
but the
verification always fail. Do you have any idea or clue about what's
wrong?

For CryptSignMessage, I used RSA_MD5 for hash, the default format of
signature is DER? How can I get PEM(b64) format directly? What's the
expected
format for openssl?

Thank you very much in advance!

Mary



"Mitch Gallant" wrote:

In CryptoAPI, you can use the "Simplified" message functions to
automatically
take care of generating the hash. You provide data buffer, set a
few struct
members and then invoke the fns:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/example_c_program_signing_a_message_and_verifying_a_message_signature.asp

Procedure is described schematically here:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/procedure_for_signing_data.asp

You could use lower-level capi functions, but better to use
simplified functions unless
you really need some capabiilty not provided in simplified fns.

General info on CryptoAPI and pkcs #7:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/pkcs__7_concepts.asp

- Mitch Gallant

<deadlock@xxxxxxxx> wrote in message
news:1144048997.067714.144680@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So how can I create PKCS#7 signature signing a hash?












.

Relevant Pages

  • Re: How to make PKCS#7 signature using CryptoAPI?
    ... "Mitch Gallant" wrote: ... Those MSDN samples hash a string PLUS the null byte (so that it ... functions (including CryptSignMessage). ...
    (microsoft.public.platformsdk.security)
  • Re: How to write a diff in VB6 for comparing two xml files?
    ... No, the best you could do is to read both into string and use StrCompbut it's inefficient and, but using the hash ... Private Declare Function CryptAcquireContext Lib "AdvAPI32.dll" Alias _ ... Dim HashAAs Byte, HashLenA As Long ...
    (microsoft.public.vb.general.discussion)
  • Re: something like switch in c
    ... >> straightforward string comparisions. ... > inner table size and/or add symbols to expand the hash. ... It all depends on the empirical pattern of the actual keys. ... The value of the random number generator is UNCHANGED on ...
    (comp.programming)
  • Re: Base36
    ... static string tokens = ... But - I don't think you want all those silly characters in the product key. ... I should be able to recalc the hash at the client ... > conversion to long so I can pass each long to the BaseXX converter to get ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: CryptSignMessage on very large files
    ... One simple solution is to incrementally compute the SHA-1 hash of the large ... I dont know if it would help you. ... steps while rebuilding the PDF. ... I'm using CryptSignMessage to sign PDF files and it works fine ...
    (microsoft.public.platformsdk.security)