Bc error validating signature with ECC cert

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bc error validating signature with ECC cert

cryptoSad

Hi all,

 

I’m checking a signature with BC, ti worked for months but I’ve came across this excetion checking a signed a file:

 

java.io.IOException: Unknown named curve: 1.3.36.3.3.2.8.1.1.7

 

A brief search resulted in problems with ECC certificates such as brainpool.

 

Any Ideas?

 

Below a snippet of code:

 

ASN1InputStream aIn = new ASN1InputStream(signedData);

            CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));

                       

            aIn.close();

           

            Store certs = s.getCertificates();

            SignerInformationStore signers = s.getSignerInfos();

            Collection<SignerInformation> c = signers.getSigners();

                                              

            List<Boolean> isValidSigner = new ArrayList<Boolean>();

            CertificateHelper x509CertHelper= new CertificateHelper();

            for(SignerInformation signer:c){

                 

                  Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());

                  Iterator<X509CertificateHolder> certIt = certCollection.iterator();

                  X509CertificateHolder certHolder = certIt.next();

                  boolean verifResult = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));

 

 

             …

 

The exception arises in: signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Bc error validating signature with ECC cert

David Hook-3

Are you sure the BC provider is being used here? I would have expected

new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)

If that was the case.

Regards,

David

On 13/12/19 10:13 pm, Emiliano Latini wrote:

Hi all,

 

I’m checking a signature with BC, ti worked for months but I’ve came across this excetion checking a signed a file:

 

java.io.IOException: Unknown named curve: 1.3.36.3.3.2.8.1.1.7

 

A brief search resulted in problems with ECC certificates such as brainpool.

 

Any Ideas?

 

Below a snippet of code:

 

ASN1InputStream aIn = new ASN1InputStream(signedData);

            CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));

                       

            aIn.close();

           

            Store certs = s.getCertificates();

            SignerInformationStore signers = s.getSignerInfos();

            Collection<SignerInformation> c = signers.getSigners();

                                              

            List<Boolean> isValidSigner = new ArrayList<Boolean>();

            CertificateHelper x509CertHelper= new CertificateHelper();

            for(SignerInformation signer:c){

                 

                  Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());

                  Iterator<X509CertificateHolder> certIt = certCollection.iterator();

                  X509CertificateHolder certHolder = certIt.next();

                  boolean verifResult = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));

 

 

             …

 

The exception arises in: signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));

 

 


Reply | Threaded
Open this post in threaded view
|

R: [dev-crypto] Bc error validating signature with ECC cert

cryptoSad

Thank you David,

 

you were right, somehow I was using sunjce. With BC it works

 

 

 

Emiliano Latini

Engineering's Software Laboratory

Direct:                     +39 06 87594577      
Mobile:                    +39 347  7906590 
                       
E-mail :                    [hidden email]

Engineering Ingegneria Informatica spa
Piazzale dell’Agricoltura, 24 - 00144 Roma

Segui Engineering su Twitter! (@EngineeringSpA)

www.eng.it

 

Da: David Hook [mailto:[hidden email]]
Inviato: venerdì 13 dicembre 2019 12:26
A: [hidden email]
Oggetto: Re: [dev-crypto] Bc error validating signature with ECC cert

 

 

Are you sure the BC provider is being used here? I would have expected

 

new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)

 

If that was the case.

 

Regards,

 

David

 

On 13/12/19 10:13 pm, Emiliano Latini wrote:

Hi all,

 

I’m checking a signature with BC, ti worked for months but I’ve came across this excetion checking a signed a file:

 

java.io.IOException: Unknown named curve: 1.3.36.3.3.2.8.1.1.7

 

A brief search resulted in problems with ECC certificates such as brainpool.

 

Any Ideas?

 

Below a snippet of code:

 

ASN1InputStream aIn = new ASN1InputStream(signedData);

            CMSSignedData s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));

                       

            aIn.close();

           

            Store certs = s.getCertificates();

            SignerInformationStore signers = s.getSignerInfos();

            Collection<SignerInformation> c = signers.getSigners();

                                              

            List<Boolean> isValidSigner = new ArrayList<Boolean>();

            CertificateHelper x509CertHelper= new CertificateHelper();

            for(SignerInformation signer:c){

                 

                  Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID());

                  Iterator<X509CertificateHolder> certIt = certCollection.iterator();

                  X509CertificateHolder certHolder = certIt.next();

                  boolean verifResult = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));

 

 

             …

 

The exception arises in: signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certHolder));

 

 

 

Reply | Threaded
Open this post in threaded view
|

Richiamo: [dev-crypto] Bc error validating signature with ECC cert

cryptoSad
In reply to this post by cryptoSad
Emiliano Latini desidera richiamare il messaggio [dev-crypto] Bc error validating signature with ECC cert.