Re: Generating a CMSSignedData starting from another CMSSignedData and a CertStore

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Generating a CMSSignedData starting from another CMSSignedData and a CertStore

Antonio Bonavita
Thank you for your suggestion.
Now the problem is "invalid signature format in message". So, I think I generate a CMSSignedData starting from another CMSSignedData and a CertStore in a wrong way.


I tried to construct a CMSSignedData which contains a Signature, some certificates and a CRL.
The first time I call my function
vfyCMS to verify a CMSSignedData which contains a signature => it correctly verifies the signature.
The second time, after being added some certificates and a CRL, it reveals
"invalid signature format in message".
Could you possibly help me with some suggestions, please?

Best regards,
Antonio


Here my code:

// signedData is a byte array which stores some already signed data
CMSSignedData csd = new CMSSignedData(signedData);
vfyCMS(csd);            // OK
SignerInformationStore sinfo = csd.getSignerInfos();
               
CMSSignedDataGenerator    gen = new CMSSignedDataGenerator();
gen.addSigners(sinfo);
         
// store is a CertStore correctly instantiated which contains 4 CA certificates and a CRL 
gen.addCertificatesAndCRLs(store); 

           
CMSProcessable content = new CMSProcessableByteArray(signedData);
CMSSignedData  sdata = gen.generate(content, "BC");
vfyCMS(sdata);        
// CMSException: invalid signature format in message.



org.bouncycastle.cms.CMSException: invalid signature format in message.
    at org.bouncycastle.cms.SignerInformation.doVerify(SignerInformation.java:389)
    at org.bouncycastle.cms.SignerInformation.verify(SignerInformation.java:417)
Reply | Threaded
Open this post in threaded view
|

Re: Generating a CMSSignedData starting from another CMSSignedData and a CertStore

David Hook-4

This is just a guess, but normally this exception means you are using
the wrong public key certificate to verify the signature - before you do
anything it would be worth checking that you are passing in the correct
certificate for the signer id contained in the signature.

You can also find out more about the exception by look at the return
value of CMSException.getUnderlyingException().

Regards,

David

On Fri, 2005-09-09 at 10:20 +0200, Antonio Bonavita wrote:

> Thank you for your suggestion.
> Now the problem is "invalid signature format in message". So, I think
> I generate a CMSSignedData starting from another CMSSignedData and a
> CertStore in a wrong way.
>
> I tried to construct a CMSSignedData which contains a Signature, some
> certificates and a CRL.
> The first time I call my function vfyCMS to verify a CMSSignedData
> which contains a signature => it correctly verifies the signature.
> The second time, after being added some certificates and a CRL, it
> reveals "invalid signature format in message".
> Could you possibly help me with some suggestions, please?
>
> Best regards,
> Antonio
>
> Here my code:
>
> // signedData is a byte array which stores some already signed data
> CMSSignedData csd = new CMSSignedData(signedData);
> vfyCMS(csd);            // OK
> SignerInformationStore sinfo = csd.getSignerInfos();
>                
> CMSSignedDataGenerator    gen = new CMSSignedDataGenerator();
> gen.addSigners(sinfo);
>          
> // store is a CertStore correctly instantiated which contains 4 CA
> certificates and a CRL  
> gen.addCertificatesAndCRLs(store);  
>            
> CMSProcessable content = new CMSProcessableByteArray(signedData);
> CMSSignedData  sdata = gen.generate(content, "BC");
> vfyCMS(sdata);         // CMSException: invalid signature format in
> message.
>
>
>
> org.bouncycastle.cms.CMSException: invalid signature format in
> message.
>     at org.bouncycastle.cms.SignerInformation.doVerify
> (SignerInformation.java:389)
>     at org.bouncycastle.cms.SignerInformation.verify
> (SignerInformation.java:417)