Verify timestamp with CryptoApi

From: "dmitry.zhigulin@xxxxxxxxx" <dmitry.zhigulin@xxxxxxxxx>
Date: Thu, 21 Feb 2008 09:56:57 -0800 (PST)

Hello!

I have timestamped HCRYPTMSG. Message has "1.2.840.113549.1.9.16.2.14"
attribute.
It contain HCRYPTMSG of timestamp with hash inside. I verify message
signature successfully.

How to validate hash of timestamp?

I think, I need to compare timstamp hash (CMSG_CONTENT_PARAM) with
combination of CMSG_ENCRYPTED_DIGEST of main message and
szOID_RSA_signingTime attribute of timestamp.
How to build hash correctly?

.

Prev by Date: RE: Elevate permission of code
Next by Date: Re: User Access Rights
Previous by thread: Re: User Access Rights
Next by thread: SSPI Server: How to retrieve the username of incoming authentication request
Index(es):
- Date
- Thread

Relevant Pages

RE: Can Kerberos be cracked??
... Subject: Can Kerberos be cracked?? ... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ...
(Focus-Microsoft)
RE: Can Kerberos be cracked??
... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ... The server doesn't actually know what the user's>>password is, ...
(Focus-Microsoft)
Re: Can Kerberos be cracked??
... > against the encrypted timestamp. ... > As for your assumption about the hash being as good as the password, ... >> encrypt the timestamp) still be susceptible to brute-force ... The server doesn't actually know what the user's ...
(Focus-Microsoft)
Re: Can Kerberos be cracked??
... encrypt the timestamp) still be susceptible to brute-force using dictionary ... Secondly, even without the actual password known, wouldn't juz the hash (let ... The server doesn't actually know what the user's ...
(Focus-Microsoft)