PROBLEM VERIFIING RSASSA-PSS SIGNED SMIME DATA (JAVA WITH BC)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

PROBLEM VERIFIING RSASSA-PSS SIGNED SMIME DATA (JAVA WITH BC)

info
Hello experts,

I encounter problems verifiing SMIME signatures like the one in the attachted file.

Some weeks before I had a similar problem, which could be solved by the dev team. I just used a work-around with a class named "MyRightSignerInformation". But it doesn't work here.

I can produce RSASSA-PSS signatures with SHA-256 or SHA-512 by myself. And I am also able to verify them successfully.

When I change just one character, I'ld get an exception: "message-digest attribute value does not match calculated value". But without modifiing something, the signer's verify method just returns false.

So by the way: What does that mean? If the digest matches the calculated value, everything should be fine or not?

Here are the parts of the code – nothing special I guess:

FileInputStream fis3 = new FileInputStream(parameters.get("c:\\verification fails.txt"));
Properties p = System.getProperties();
encrypted = new MimeMessage(Session.getDefaultInstance(p), fis3);
fis3.close();

SMIMESigned s = new SMIMESigned((MimeMultipart) encrypted.getContent());

Security.addProvider(new BouncyCastleProvider());
Store certs = s.getCertificates();
SignerInformationStore signers = s.getSignerInfos();
Collection<SignerInformation> c = signers.getSigners();
Iterator<SignerInformation> it = c.iterator();
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certs.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder ch = (X509CertificateHolder) certIt.next();
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(ch);
JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
verifier.setProvider("BC");
SignerInformationVerifier siv = verifier.build(cert);
MyRightSignerInformation rSigner = new MyRightSignerInformation(signer);

if (rSigner.verify(siv)) {
// *** would be great
}
else
{
 // *** here we are :-(
}

What can I do to verify the signature?

Thank you so much in advance!

Kind regards,
Daniel Hoffmann

verification fails.txt (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: PROBLEM VERIFIING RSASSA-PSS SIGNED SMIME DATA (JAVA WITH BC)

Eckenfels. Bernd

Hmm,

 

I see in the CMS Signature a message digest of 626AB86A7A5FD5EDD91AD7B9BCEEA21394493F46432D7DECCE1C28A9B325578A and if I calculate the SHA256 over the Control message I get 9a6bc41bc9580113ca74a6f67d66a1f8e92ad6dfd7c01d77e48f180f3233803c, so this does not look like a RSAPSS problem but more likely a content data (normalization) digest problem. Will try later on without smime component.

 

BTW: I saw quite some people with RSAPSS questions here, and it looks most are motivated by german utilities, so maybe we try to do a small interop meeting? Who else wants to be informed?

 

Gruss

Bernd

 

From: [hidden email] [mailto:[hidden email]]
Sent: Tuesday, June 06, 2017 3:56 PM
To: [hidden email]
Subject: [dev-crypto] PROBLEM VERIFIING RSASSA-PSS SIGNED SMIME DATA (JAVA WITH BC)

 

Hello experts,

I encounter problems verifiing SMIME signatures like the one in the attachted file.

Some weeks before I had a similar problem, which could be solved by the dev team. I just used a work-around with a class named "MyRightSignerInformation". But it doesn't work here.

I can produce RSASSA-PSS signatures with SHA-256 or SHA-512 by myself. And I am also able to verify them successfully.

When I change just one character, I'ld get an exception: "message-digest attribute value does not match calculated value". But without modifiing something, the signer's verify method just returns false.

So by the way: What does that mean? If the digest matches the calculated value, everything should be fine or not?

Here are the parts of the code – nothing special I guess:

FileInputStream fis3 = new FileInputStream(parameters.get("c:\\verification fails.txt"));
Properties p = System.getProperties();
encrypted = new MimeMessage(Session.getDefaultInstance(p), fis3);
fis3.close();

SMIMESigned s = new SMIMESigned((MimeMultipart) encrypted.getContent());

Security.addProvider(new BouncyCastleProvider());
Store certs = s.getCertificates();
SignerInformationStore signers = s.getSignerInfos();
Collection<SignerInformation> c = signers.getSigners();
Iterator<SignerInformation> it = c.iterator();
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certs.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder ch = (X509CertificateHolder) certIt.next();
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(ch);
JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder();
verifier.setProvider("BC");
SignerInformationVerifier siv = verifier.build(cert);
MyRightSignerInformation rSigner = new MyRightSignerInformation(signer);

if (rSigner.verify(siv)) {
// *** would be great
}
else
{
 // *** here we are :-(
}

What can I do to verify the signature?

Thank you so much in advance!

Kind regards,
Daniel Hoffmann






     


SEEBURGER AG   Vorstand/SEEBURGER Executive Board:
Sitz der Gesellschaft/Registered Office:   Axel Haas, Michael Kleeberg, Friedemann Heinz, Dr. Martin Kuntz, Matthias Feßenbecker
Edisonstr. 1  
D-75015 Bretten Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board:
Tel.: 07252 / 96 - 0 Prof. Dr. Simone Zeuchner
Fax: 07252 / 96 - 2222
Internet: http://www.seeburger.de Registergericht/Commercial Register:
e-mail: [hidden email] HRB 240708 Mannheim


Dieses E-Mail ist nur für den Empfänger bestimmt, an den es gerichtet ist und kann vertrauliches bzw. unter das Berufsgeheimnis fallendes Material enthalten. Jegliche darin enthaltene Ansicht oder Meinungsäußerung ist die des Autors und stellt nicht notwendigerweise die Ansicht oder Meinung der SEEBURGER AG dar. Sind Sie nicht der Empfänger, so haben Sie diese E-Mail irrtümlich erhalten und jegliche Verwendung, Veröffentlichung, Weiterleitung, Abschrift oder jeglicher Druck dieser E-Mail ist strengstens untersagt. Weder die SEEBURGER AG noch der Absender (Eckenfels. Bernd) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren Anhänge auf Viren zu prüfen.

This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.

Reply | Threaded
Open this post in threaded view
|

Re: PROBLEM VERIFIING RSASSA-PSS SIGNED SMIME DATA (JAVA WITH BC)

martijn.list
In reply to this post by info
On 06/06/2017 03:55 PM, [hidden email] wrote:

> Hello experts,
>
> I encounter problems verifiing SMIME signatures like the one in the
> attachted file.
>
> Some weeks before I had a similar problem, which could be solved by the
> dev team. I just used a work-around with a class named
> "MyRightSignerInformation". But it doesn't work here.
>
> I can produce RSASSA-PSS signatures with SHA-256 or SHA-512 by myself.
> And I am also able to verify them successfully.
>
> When I change just one character, I'ld get an exception: "message-digest
> attribute value does not match calculated value". But without modifiing
> something, the signer's verify method just returns false.
>
> So by the way: What does that mean? If the digest matches the calculated
> value, everything should be fine or not?
>
> Here are the parts of the code – nothing special I guess:
>
> FileInputStream fis3 = new
> FileInputStream(parameters.get("c:\\verification fails.txt"));
> Properties p = System.getProperties();
> encrypted = new MimeMessage(Session.getDefaultInstance(p), fis3);
> fis3.close();
>
> SMIMESigned s = new SMIMESigned((MimeMultipart) encrypted.getContent());
>
> Security.addProvider(new BouncyCastleProvider());
> Store certs = s.getCertificates();
> SignerInformationStore signers = s.getSignerInfos();
> Collection<SignerInformation> c = signers.getSigners();
> Iterator<SignerInformation> it = c.iterator();
> SignerInformation signer = (SignerInformation) it.next();
> Collection certCollection = certs.getMatches(signer.getSID());
> Iterator certIt = certCollection.iterator();
> X509CertificateHolder ch = (X509CertificateHolder) certIt.next();
> X509Certificate cert = new
> JcaX509CertificateConverter().setProvider("BC").getCertificate(ch);
> JcaSimpleSignerInfoVerifierBuilder verifier = new
> JcaSimpleSignerInfoVerifierBuilder();
> verifier.setProvider("BC");
> SignerInformationVerifier siv = verifier.build(cert);
> MyRightSignerInformation rSigner = new MyRightSignerInformation(signer);
>
> if (rSigner.verify(siv)) {
> // *** would be great
> }
> else
> {
>  // *** here we are :-(
> }
>
> What can I do to verify the signature?

The message verifies correctly with BC 1.57 using my own tools. It also
verifies correctly with openssl.

Which version of BC are you using? BC 1.57 added support for non
standard salt lengths:

"The CMS API will now correctly verify PSS signatures with odd length
salts."

The message appears to be using a non-standard salt length.

See for more info

http://www.bouncycastle.org/jira/browse/BJA-665?jql=project%20%3D%20BJA

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail