Signing with GOST

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Signing with GOST

Eugene Grosbein
Hi!

Does BouncyCastle have any regression tests to verify if signing with an algorithm is broken or not?

Short story: I use BouncyCastle 1.54 with iText 5.5.9 to sign existing PDF file
using my GOST 34.11/34.10-2001 based certificate/private key.

The code successfully produces new PDF file that has internal signature and
Acrobat Reader DC for Windows confirms that. It verifies that sigining certificate is OK
but complains: "Document has been modified or corrupted since signed".

Long story: I need command line utility capable of using GOST-based certificates/keys
to batch PDF-signing. I've wrote simple code based on old "PdfSigner" example by [hidden email]
modified for modern versions of BouncyCastle and iText:

- used purchased physical USB-token to extract my certificate with private key
  to my.p12 file (PKCS #12, 2906 bytes);

- converted my.p12 to UBER keystore file my.ubr with following command using Java keytool:

keytool -importkeystore -destkeystore my.ubr -deststoretype UBER -deststorepass 123456 \
 -destkeypass 123456 -srcstoretype PKCS12 -srcstorepass 123456 -srckeystore my.p12 \
 -alias 1 -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
 -providerpath /usr/local/share/java/classes/bcprov.jar

- got little PDF-1.4 file and signed with my code:

java sign my.ubr 123456 sample.pdf output.pdf

The source code is pretty basic and short: http://www.grosbein.net/files/sign.java
It uses itextpdf's MakeSignature.signDetached() with org.bouncycastle.jce.provider.BouncyCastleProvider.

Produced output.pdf has broken signature. I use Windows with CryptoPro CSP 4 as crypto provider
and its Adobe Reader's addon to check PDF signature. It successfully checks other correctly signeg
PDF files produced by other applications.

So, how can I rule out bugs of itextpdf? How can I test that BouncyCastle support for GOST is not broken?

Eugene Grosbein

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Signing with GOST

Marc Kaufman
Adobe Acrobat doesn't support GOST, unless you have a custom provider plugin. It only knows RSA and ECC with FIPS curves.

-----Original Message-----
From: Eugene Grosbein [mailto:[hidden email]]
Sent: Tuesday, July 19, 2016 10:29 PM
To: [hidden email]
Subject: [dev-crypto] Signing with GOST

Hi!

Does BouncyCastle have any regression tests to verify if signing with an algorithm is broken or not?

Short story: I use BouncyCastle 1.54 with iText 5.5.9 to sign existing PDF file using my GOST 34.11/34.10-2001 based certificate/private key.

The code successfully produces new PDF file that has internal signature and Acrobat Reader DC for Windows confirms that. It verifies that sigining certificate is OK but complains: "Document has been modified or corrupted since signed".

Long story: I need command line utility capable of using GOST-based certificates/keys to batch PDF-signing. I've wrote simple code based on old "PdfSigner" example by [hidden email] modified for modern versions of BouncyCastle and iText:

- used purchased physical USB-token to extract my certificate with private key
  to my.p12 file (PKCS #12, 2906 bytes);

- converted my.p12 to UBER keystore file my.ubr with following command using Java keytool:

keytool -importkeystore -destkeystore my.ubr -deststoretype UBER -deststorepass 123456 \  -destkeypass 123456 -srcstoretype PKCS12 -srcstorepass 123456 -srckeystore my.p12 \  -alias 1 -provider org.bouncycastle.jce.provider.BouncyCastleProvider \  -providerpath /usr/local/share/java/classes/bcprov.jar

- got little PDF-1.4 file and signed with my code:

java sign my.ubr 123456 sample.pdf output.pdf

The source code is pretty basic and short: http://www.grosbein.net/files/sign.java
It uses itextpdf's MakeSignature.signDetached() with org.bouncycastle.jce.provider.BouncyCastleProvider.

Produced output.pdf has broken signature. I use Windows with CryptoPro CSP 4 as crypto provider and its Adobe Reader's addon to check PDF signature. It successfully checks other correctly signeg PDF files produced by other applications.

So, how can I rule out bugs of itextpdf? How can I test that BouncyCastle support for GOST is not broken?

Eugene Grosbein


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signing with GOST

Eugene Grosbein
On 20.07.2016 12:38, Marc Kaufman wrote:

[skip]

>> Produced output.pdf has broken signature. I use Windows with CryptoPro CSP 4 as crypto provider and its Adobe Reader's addon to check PDF signature. It successfully checks other correctly signeg PDF files produced by other applications.

> Adobe Acrobat doesn't support GOST, unless you have a custom provider plugin. It only knows RSA and ECC with FIPS curves.

Please re-read my quoted line. Yes, I use CryptoPro provider plugin for the Reader,
it work just fine.


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signing with GOST

Eugene Grosbein
On 20.07.2016 12:43, Eugene Grosbein wrote:

> On 20.07.2016 12:38, Marc Kaufman wrote:
>
> [skip]
>
>>> Produced output.pdf has broken signature. I use Windows with CryptoPro CSP 4 as crypto provider and its Adobe Reader's addon to check PDF signature. It successfully checks other correctly signeg PDF files produced by other applications.
>
>> Adobe Acrobat doesn't support GOST, unless you have a custom provider plugin. It only knows RSA and ECC with FIPS curves.
>
> Please re-read my quoted line. Yes, I use CryptoPro provider plugin for the Reader,
> it work just fine.

I should be more precise: CryptoPro CSP 4 brings in GOST support for Adobe Reader
and the Reader successfully verifies GOST-based PDF signatures for files produces by other applications
but not my code using BouncyCastle.



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signing with GOST

Eugene Grosbein
In reply to this post by Eugene Grosbein
On 20.07.2016 12:28, Eugene Grosbein wrote:
> Hi!
>
> Does BouncyCastle have any regression tests to verify if signing with an algorithm is broken or not?

My certificate has Russian Cyrillic text in its attributes in Unicode format.
Can this be a culprit for signature breakage? E.g. some code breaks on non-ASCII bytes?


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Signing with GOST

Marc Kaufman
Acrobat can handle Unicode Subject and Issuer fields. But Acrobat does not support the GOST algorithm. There are third-party signature provider plugins that do support GOST.

-----Original Message-----
From: Eugene Grosbein [mailto:[hidden email]]
Sent: Wednesday, July 20, 2016 6:47 AM
To: [hidden email]
Subject: Re: [dev-crypto] Signing with GOST

On 20.07.2016 12:28, Eugene Grosbein wrote:
> Hi!
>
> Does BouncyCastle have any regression tests to verify if signing with an algorithm is broken or not?

My certificate has Russian Cyrillic text in its attributes in Unicode format.
Can this be a culprit for signature breakage? E.g. some code breaks on non-ASCII bytes?



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Signing with GOST

David Hook
In reply to this post by Eugene Grosbein

It seems unlikely. Are you able to verify the certificate?

One other question, does the CMS signature associated with PDF have
signed attributes in it?

Regards,

David

On 20/07/16 23:47, Eugene Grosbein wrote:
> On 20.07.2016 12:28, Eugene Grosbein wrote:
>> Hi!
>>
>> Does BouncyCastle have any regression tests to verify if signing with an algorithm is broken or not?
> My certificate has Russian Cyrillic text in its attributes in Unicode format.
> Can this be a culprit for signature breakage? E.g. some code breaks on non-ASCII bytes?
>
>
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[SOLVED] Signing with GOST

Eugene Grosbein
On 21.07.2016 06:44, David Hook wrote:
>
> It seems unlikely. Are you able to verify the certificate?

Yes.

> One other question, does the CMS signature associated with PDF have
> signed attributes in it?

I solved the case. There was not BouncyCastle's fault. There is a bug in the itextpdf-5.5.9
that silently changes digestEncryptionAlgoritm from ECGOST3410 to ECDSA,
so signed document get digest encrypted wrong algorithm.

I've patched itextpdf sources and rebuilt itextpdf-5.5.9.jar and problem has gone.

Thank you all for replays and sorry for noise.

Eugene Grosbein


Loading...